Security Reviews

Security reviews are often used when new systems are commissioned and give you an overall picture of the system’s vulnerability before its eventual go-live date. Reviews are also frequently used in the initial prototyping stage of a project, so that security features can be incorporated at the earliest possible stage. The results of a security review often determine the final go-live date.

 

Expectations

We will discuss your project, identify possible threats and agree on an analysis approach with you. Security reviews typically entail the following work:

  • Analyzing source code
  • Providing second opinions on concepts
  • Providing second opinions on setting up new services and infrastructure
  • Providing second opinions on new products and technologies
  • Assessing the configuration of security settings
  • Assessing the hardening of systems exposed to the internet
  • Assessing entire systems and system architectures

Carrying out the review

Compass Security works closely with you when carrying out a security review. All the necessary insider data, test network configuration, system settings and source code are disclosed to us so that we can see the effectiveness of any security measures.

Typically, the security of the entire system is determined by reviewing these documents, through workshops and interviews with you, or by analyzing the configuration or the source code itself. We measure the results against common security standards or industry usage.

Final report

We provide a report that summarizes the entire system’s security and lists the findings as well as the opportunities to improve overall security. We guarantee that both your tech teams and your management teams will be able to make key decisions thanks to this report.

Debriefing

In the majority of cases, the key findings are already known to the team, since we identify them together with the customer during workshops and interviews. Nevertheless, Compass Security still recommends holding a debriefing meeting to foster a common understanding of the overall security and of future additional work in this area.

We are more than happy to discuss your personal requirements. Do not hesitate to get in touch.
