Back to Top

Security Testing

Security testing encompasses all forms of technical evaluation ranging from zero-knowledge black-box penetration testing through to detailed source code analysis and system configuration reviews. The overall objective of security testing is to identify exposures and vulnerabilities that could be exploited by attackers to compromise the security of information assets.

Digital Assurance specialises in security testing and provides tailored services designed to assess the security of devices, systems, applications right up to entire organisations and infrastructures.

Digital Assurance employs a multidisciplinary security assessment team with skills and experience in a wide range of technologies, products and environments. All of our security testing team has a grounding in either support, development or other aspects of operational IT which helps to give us insight into of the systems the organisations that engage us and means we can provide balanced opinion and practical recommendations. All of our testers are subject to employment screening and all undergo HMG National Security Vetting to SC or above with technical certification through either the TIGERScheme or CREST accreditation processes.

All security testing engagements are planned and scoped prior to commencement and a typical engagment will feature aspects of one or more of the following security assessments:

Applications

Security testing of both web and traditional thick client applications to identify exposures and vulnerabilities that affect the application and associated data.

VPN & RAS Testing

Assess the security of VPN and Remote Access solutions to ensure that security controls operate as expected and that communications and systems are secured correctly against attack.

Mobile Device Security Review

Security testing of a range of mobile devices to ensure that data is safe in the event of loss of theft of equipment, typically applied to laptops, smart-phones and tablet devices.

Secure Code Review

Gain high levels of assurance by subjecting applications to a security review of the source code to identify exposures and vulnerabilities and verify that the application behaves as expected with no unauthorised functionality.

Infrastructure

Security testing of network and system infrastructure to identify security weaknesses in network controls and host security that may lead to compromise.

Penetration Testing

Highly tailored intrusive security testing designed to mimic various classes of threats and determine the extent to which an attacker can penetrate a system.

CHECK IT Health Check

Digital Assurance is an experienced "Green Light" CHECK provider accredited by CESG to undertake IT Health Checks on government systems.

Digital Product Assurance - DPA

Digital Product Assurance (DPA) goes far beyond compliance and claims based testing by subjecting digital products to aggressive, real-world attacks. Identify and understand security flaws in your digital product before somebody else does.

Automation Systems Security

Automation Systems Security

Digital Assurance offer a number of specialised assessment services which focus on automation systems such as process control systems (PCS/DCS), SCADA components, field devices/controllers and system communications. Our specialist assessment services have been developed to provide customers with assurance that security measures around automation systems are appropriate, robust and effective whilst identifying where and how improvements may be made.