Penetration tests

 Intrusive audit

Penetration tests (or pen tests) consist in behaving like a hacker, trying to find potential failures of an information system and to make a real-time intrusion in a system.
Thus, a pen test requires a very high level of technical skills in order to generate a credible result. The SCRT team feels comfortable with the latest hacking practices and has a strong experience in software and applications security audits. The target of an intrusion test is, above all, to give you an advice aiming at improving your security level.

 Semi-automated non-intrusive audit

This kind of audit is not done directly on the network of the customer but on its relevant functions, which the audit will have highlighted.

Advantage of this method : the network of the customer is undisturbed by the audit and remains 100% available. The configuration changes are taken into account at once. We can map on the simulation model (change of OS version, ...). We can change the source on the vulnerabilities side as well as on the setup dump side. The modelling language stays equal, the audits are thus consistent.

Application audit and code audit

As 80% of safety failures happen because of errors (or lacks of memory) while applications are developed, it is very important to write strong and robust codes, especially when the applications work on Internet (Web sites, extranet, VPN, ...). Thanks to our engineers, experts in most of the current languages, and to the tools we have developed, we are able to certify the code of most of the applications. Many incidents also occur because of manipulation errors or breakdowns. Those points are also checked in the software tools approach.