Audits and penetration testing are XMCO’s core business. Auditors are PASSI qualified by ANSSI
Identify all security vulnerabilities
Our auditors adopt the posture of an attacker to identify all security flaws in the configurations and management of Information System components.
XMCO develops its own intrusion tools and masters the software used
Thanks to its recognized experience in intrusion tests and intrusion response, XMCO guarantees pragmatic audits, of which the “risk of intrusion” remains the common thread.
The audits take place in 4 major phases:
An audit protocol with control points is defined
Interviews (technical and/or organizational) are conducted by a senior consultant
The configurations are analyzed with the collaboration of your teams
Finally, the audit can be supplemented by intrusion tests in order to obtain a transversal vision of the level of security
The purpose of code auditing is to verify the security of an application’s code.
The technical aspect
Are good development practices and application security elements respected?
Are the features correctly implemented?
This approach makes it possible to detect a large number of vulnerabilities at source.
It is carried out in an automated and manual way, in order to result in corrective actions and an action plan. It can be carried out before an application is put into production or on an ad hoc basis. Ideally, code audits respond to a preventive approach to code quality, with lighter but regular audits throughout the lifecycle of the application.
Penetration testing measures the risk associated with an information system by simulating realistic attack conditions. It identifies vulnerabilities that can be exploited and lead to the compromise of an information system via your internal networks or the Internet.
The listener temporarily adopts the posture of a real attacker and strives to reproduce the approach and techniques of a real malicious individual. Penetration tests can be carried out
Internal intrusion test methodology
This consists of placing the listener directly on the target network. Connected like an employee to the corporate network, the listener attacks your computer resources.
Extrenal intrusion test methodology
This consists of placing the listener outside the network. It therefore targets services exposed on the Internet, whether they are hosted by you or by a service provider.