Security Auditing & Penetration Testing
Our penetration-testers are certified Organizational Systems Security Analysts™, Organizational Systems Wireless Auditors®, Organizational Systems Web Application Pentesters™ and OSSTMM Professional Security Testers, and they use the public Open-Source Security Testing Methodology Manual (OSSTMM) as a high-level security-testing framework to guide the client-relationship aspect of a penetration-testing engagement and our customised Methodology for the actual technical-level execution of pentest activities. This ensures that all aspects of a security test are covered, from pre-engagement project scoping and duration-computation to technical execution to report generation and post-engagement closure.
As part of our strict code of auditing ethics, we do not use customer references or name-dropping to impress potential clients or to secure security auditing or penetration testing projects. Imagine if your security auditor publicly announced that you had it do a security test for you, how much trust would you place in that auditor not to reveal more details about your infrastructure setup just to secure a deal?
This code of ethics is considered as best practice in the penetration-testing industry. Suffice to say that both local and foreign government and private sector organizations have engaged us to conduct penetration-testing for them on the basis of not just our technical skill, but also our policy of following best practices when it comes to having to provide references.