Red Team or Blue Team?

Hispasec's audit team is made up of experienced security professionals with a long history in the sector. Members of the team have security certifications and specialized training for the exercise of their functions.

Methods and spirit of work

An audit is not only meticulous work and great responsibility, it is a challenge that we assume, a logical challenge that tests our skill. Our concept of work embraces methodologies such as OWASP or OSTMM leaving space for creativity and craftsmanship. We do not stop at the interpretation of data produced by automated tools. Connect the dots, think side-by-side and refocus problems making new optics produce unique perspectives for each challenge that we are assigned.

A problem, a solution

It is not enough to point out a problem, a vulnerability or a deficiency. The next step is to correct it and we do not leave you alone in the process. Our mission does not end with the delivery of personalized reports, comparative analyzes or executive summaries. Let us customize a concrete solution for a given problem. Let’s not work face to face, save us a place on your side.

Types of IT audits

Every need requires a different attention. These are our proposals:


Technical audits, Penetration test, WiFi audit ...
More information


It encompasses those responsible for auditing the entire ISMS process of the company and specifically the 27001 standard.
More information


Our services have a demonstration period available. Please try them. Take the challenge. For HISPASEC, work is an opportunity to compete.

Technical audits

Perimeter Audit

It evaluates the security of the assets that the organization maintains published in Internet. It allows to know how an external attacker sees the servers of the company, what impact can have a possible attack and what measures have to be implemented to correct the security deficiencies.

Intrusion test (Pentest)

This type of evidence aims to know how far an external attacker would get if the organization is in his spotlight. It allows to know if it is possible to chain the exploitation of vulnerabilities and breaches in security policies to enter the information systems of the company.

WiFi Audit

It allowsen us to know the weaknesses of the wireless network. It examines the implementation made and analyzes the problems that can arise from a bad configuration. In addition, possible unauthorized access points are also analyzed. That is to say, those wireless accesses installed without the authorization of the organization and that could serve as gateway to an attacker.

Code Audit

Analysis of the code of both web page applications and any type of native application, regardless of the language used.

Internal audit

Evaluates the security of the internal network of the company. It lets you know how far a malicious user could get with credentials or from a position with greater privileges. In short, it is about determining the damage that could be caused from within the organization.

Web Application Auditing

This type of audit specializes in Web applications. Due to the complexity and criticality of the data and operations they process, Web applications require a unique and differentiated treatment aimed at neutralizing existing vulnerabilities.

Mobile Application Audit

Review and analysis of Android mobile applications, iOS, and Windows Phone. Examination of communications, configuration, weaknesses and interaction with system functionalities.

Management Audits

SGSI audit process

Impossible, even in the case of having an unlimited budget, theThe purpose of an ISMS is to ensure that security risksInformation is known, assumed, managed and minimized byThe organization of a documented, systematic, structured,Repeatable, efficient and adapted to the changes that occur in theRisks, environment and technologies", "ISMS is based on UNE-ISO/IEC 27001:2007.

The implementation of ISMS is an activity of increasing demand in our market and companies are beginning to understand its importance, as has been the case with the implementation of Quality Management Systems (ISO 9000) or Environment (ISO 14000) in the last years.

Copyright © 2021 , HISPASEC. Security. Experience. Innovation.
Todos los derechos reservados.