Hispasec's audit team is made up of experienced security professionals with a long history in the sector. Members of the team have security certifications and specialized training for the exercise of their functions.
An audit is not only meticulous work and great responsibility, it is a challenge that we assume, a logical challenge that tests our skill. Our concept of work embraces methodologies such as OWASP or OSTMM leaving space for creativity and craftsmanship. We do not stop at the interpretation of data produced by automated tools. Connect the dots, think side-by-side and refocus problems making new optics produce unique perspectives for each challenge that we are assigned.
It is not enough to point out a problem, a vulnerability or a deficiency. The next step is to correct it and we do not leave you alone in the process. Our mission does not end with the delivery of personalized reports, comparative analyzes or executive summaries. Let us customize a concrete solution for a given problem. Let’s not work face to face, save us a place on your side.
Every need requires a different attention. These are our proposals:
Technical audits, Penetration test, WiFi audit ...
More information
It encompasses those responsible for auditing the entire ISMS process of the company and specifically the 27001 standard.
More information
Our services have a demonstration period available. Please try them. Take the challenge. For HISPASEC, work is an opportunity to compete.
It evaluates the security of the assets that the organization maintains published in Internet. It allows to know how an external attacker sees the servers of the company, what impact can have a possible attack and what measures have to be implemented to correct the security deficiencies.
This type of evidence aims to know how far an external attacker would get if the organization is in his spotlight. It allows to know if it is possible to chain the exploitation of vulnerabilities and breaches in security policies to enter the information systems of the company.
It allowsen us to know the weaknesses of the wireless network. It examines the implementation made and analyzes the problems that can arise from a bad configuration. In addition, possible unauthorized access points are also analyzed. That is to say, those wireless accesses installed without the authorization of the organization and that could serve as gateway to an attacker.
Analysis of the code of both web page applications and any type of native application, regardless of the language used.
Evaluates the security of the internal network of the company. It lets you know how far a malicious user could get with credentials or from a position with greater privileges. In short, it is about determining the damage that could be caused from within the organization.
This type of audit specializes in Web applications. Due to the complexity and criticality of the data and operations they process, Web applications require a unique and differentiated treatment aimed at neutralizing existing vulnerabilities.
Review and analysis of Android mobile applications, iOS, and Windows Phone. Examination of communications, configuration, weaknesses and interaction with system functionalities.
Impossible, even in the case of having an unlimited budget, theThe purpose of an ISMS is to ensure that security risksInformation is known, assumed, managed and minimized byThe organization of a documented, systematic, structured,Repeatable, efficient and adapted to the changes that occur in theRisks, environment and technologies", "ISMS is based on UNE-ISO/IEC 27001:2007.
The implementation of ISMS is an activity of increasing demand in our market and companies are beginning to understand its importance, as has been the case with the implementation of Quality Management Systems (ISO 9000) or Environment (ISO 14000) in the last years.