Penetration Testing7ASecurity offers Mobile, Web and Network penetration tests. These usually range from black box (zero knowledge) to white box (comprehensive code audits).
We welcome points of contact and communication with clients and development teams. During our audits high severity findings are communicated promptly and often resolved before the end of the test.
After a penetration test, 7ASecurity offers fix verification and bespoke developer training services. The assessment does not have to end with the pentest report: Penetration tests often identify training needs in developer teams and knowledge transfer can be part of the package. This ensures that security vulnerabilities are less likely to be introduced in the future.
Security Analysis and Advice7ASecurity provides design, architecture and documentation review services. After all, it is most cost-effective to address security vulnerabilities, limit attack surface and make defence as easy as possible before any code has been written.
Penetration tests are a great complementary tool that can be used later in the development cycle, as this is the only way to verify if the security controls in place actually work.
Incident ManagementHas your website been breached? 7ASecurity has experience reviewing source code and server logs and can help your organisation determine how the site was breached and ensure backdoors have been removed.
7ASecurity also has experience implementing modsecurity rules so your organisation can virtually patch known security issues while more time consuming source code fixes are implemented and tested.
Training and Consulting7ASecurity has extensive experience in training. All of the following options are commonly used: On-site or Online training sessions tailored to the findings of a pentest, webinars, workshops at security conferences and online courses.
Training is often not limited to attack techniques but also includes comprehensive mitigation ideas that focus on attack surface reduction, secure defaults and reliance on frameworks that make writing insecure code more difficult. A good example of this is the comprehensive Practical Web Defense course that 7ASecurity wrote for eLearnSecurity.