• Bespoke and tailored to your needs
  • Highly skilled and experienced consultants
  • Clear and concise reporting
  • Competitive pricing

We offer a wide range of cyber security services, including:

Managed Services

Quarterly Attack Surface Assessment

A quarterly attack surface assessment (also known as a QASA) is a security assessment that helps organizations identify and mitigate potential attack vectors. It is typically conducted on a quarterly basis to ensure that an organization’s attack surface is continuously monitored and updated.

A QASA typically includes the following steps:

  • Asset identification: The first step is to identify all of the assets that are exposed to the internet. This includes websites, web applications, cloud-based resources, and even physical assets that are accessible from the internet.
  • Vulnerability scanning: Once all of the assets have been identified, they are scanned for known vulnerabilities. This can be done using a variety of tools, including vulnerability scanners, penetration testing tools, and open-source intelligence (OSINT) tools.
  • Risk assessment: The results of the vulnerability scanning are then used to assess the risk of each vulnerability. This includes considering the severity of the vulnerability, the likelihood of it being exploited, and the impact that it would have if it were exploited.
  • Mitigation recommendations: Based on the risk assessment, recommendations are made for how to mitigate the identified vulnerabilities. This may include patching vulnerabilities, implementing security controls, or changing the configuration of assets.

Variations of the following services are included:

A QASA can help organizations to improve their security posture by identifying and mitigating potential attack vectors. It can also help organizations to comply with security regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR).

Woodsec’s QASA experts will assess an organization’s attack surface for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Penetration Testing

Infrastructure

External Infrastructure Assessment

An external infrastructure assessment is a security assessment that focuses on the security of an organization’s external infrastructure. The goal of an external infrastructure assessment is to identify and mitigate security risks that arise from the organization’s internet-facing systems and networks.

An external infrastructure assessment would typically focus on the following areas:

  • Port scanning: This involves scanning the organization’s external IP addresses for open ports. Open ports can be used by attackers to gain access to the organization’s systems.
  • Vulnerability scanning: This involves scanning the organization’s external systems for known vulnerabilities. Vulnerabilities can be exploited by attackers to gain access to the organization’s systems.
  • Web application scanning: This involves scanning the organization’s web applications for known vulnerabilities. Web applications can be exploited by attackers to gain access to the organization’s systems or data.
  • Email security: This includes checking for insecure email configurations, such as open relay servers and poor spam filtering.

Woodsec’s external infrastructure assessment experts will review an organization’s external infrastructure for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Internal Infrastructure Assessment

An internal infrastructure assessment is a security assessment that focuses on the security of an organization’s internal infrastructure. The goal of an internal infrastructure assessment is to identify and mitigate security risks that arise from the organization’s internal systems and networks.

An internal infrastructure assessment would typically focus on the following areas:

  • Network security: This includes checking for insecure network configurations, missing security patches, and other vulnerabilities that could be exploited by attackers.
  • Host security: This includes checking for known vulnerabilities in operating systems, applications, and other software that is installed on the organization’s internal systems.
  • Data security: This includes checking to ensure that sensitive data is properly protected, both at rest and in transit.
  • Physical security: This includes checking to ensure that the organization’s physical infrastructure is secure, such as its perimeter security, access control, and physical security measures for sensitive areas.

Woodsec’s internal infrastructure assessment experts will review an organization’s internal infrastructure for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Firewall Configuration Review

A firewall configuration review is a security assessment that focuses on the configuration of a firewall. The goal of a firewall configuration review is to identify and mitigate security risks that arise from misconfigurations.

Woodsec offers firewall configuration review services to help organizations ensure that their firewalls are configured securely. Woodsec’s firewall security experts will review an organization’s firewall for potential vulnerabilities, such as:

  • Insecure rules: These vulnerabilities allow attackers to bypass the firewall and gain unauthorized access to an organization’s network.
  • Outdated firmware: These vulnerabilities allow attackers to exploit known vulnerabilities in the firewall.
  • Insecure management interfaces: These vulnerabilities allow attackers to gain unauthorized access to the firewall’s management interface and make changes to the firewall’s configuration.

Woodsec will also provide recommendations on how to mitigate the identified risks.

Build Review

A build review is a security assessment that focuses on the security of a software build. The goal of a build review is to identify and mitigate security risks that arise from the software’s development process.

In the context of Windows and Linux operating systems, a build review would typically focus on the following areas:

  • Operating system configuration: This includes checking for insecure default settings, missing security patches, and other configuration errors.
  • Software installed on the operating system: This includes checking for known vulnerabilities in third-party software, as well as software that is not essential for the operating system to function.
  • File permissions: This includes checking to ensure that sensitive files are not accessible to unauthorized users.
  • Application security: This includes checking for known vulnerabilities in applications that are installed on the operating system.

Woodsec offers build review services to help organizations ensure that their Windows and Linux operating systems are secure. Woodsec’s build review experts will review an organization’s operating systems for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Wireless Assessment

A wireless assessment is a security test that aims to identify and exploit vulnerabilities in a wireless network. The goal of a wireless assessment is to help organizations improve the security of their wireless networks and reduce their risk of being attacked.

Woodsec offers wireless assessment services to help organizations identify and mitigate security risks in their wireless networks. Woodsec’s wireless security experts will assess an organization’s wireless networks for potential vulnerabilities, such as:

  • Weak passwords: These vulnerabilities allow attackers to gain unauthorized access to a wireless network by guessing or cracking the passwords used to authenticate users.
  • Insecure encryption: These vulnerabilities allow attackers to eavesdrop on wireless traffic and steal sensitive information.
  • Misconfigured access points: These vulnerabilities allow attackers to gain unauthorized access to a wireless network by exploiting weaknesses in the configuration of access points.

Woodsec will also provide recommendations on how to mitigate the identified risks.

Wireless Configuration Review

A wireless configuration review is a security assessment that focuses on the configuration of wireless devices. The goal of a wireless configuration review is to identify and mitigate security risks that arise from misconfigurations.

Woodsec offers wireless configuration review services to help organizations ensure that their wireless devices are configured securely. Woodsec’s wireless security experts will review an organization’s wireless devices for potential vulnerabilities, such as:

  • Insecure default settings: These vulnerabilities allow attackers to gain unauthorized access to wireless devices by exploiting insecure default settings.
  • Outdated firmware: These vulnerabilities allow attackers to exploit known vulnerabilities in wireless devices.
  • Insecure configurations: These vulnerabilities allow attackers to gain unauthorized access to wireless devices by exploiting weaknesses in the configuration of the devices.

Woodsec’s wireless assessment and configuration review services can help organizations to improve the security of their wireless networks and devices and reduce their risk of being attacked.

Application

Web Application Assessment

A web application assessment is a security test that aims to identify and exploit vulnerabilities in a web application. The goal of a web application assessment is to help organizations improve the security of their web applications and reduce their risk of being attacked.

Woodsec offers web application assessment services to help organizations identify and mitigate security risks in their web applications. Woodsec’s web application security experts will assess an organization’s web applications for potential vulnerabilities, such as:

  • Injection flaws: These flaws allow attackers to inject malicious code into a web application, which can then be used to gain unauthorized access to the application or the underlying data.
  • Authentication and session management flaws: These flaws allow attackers to gain unauthorized access to a web application by bypassing the authentication process or exploiting weaknesses in the session management mechanism.
  • Cross-site scripting (XSS) flaws: These flaws allow attackers to inject malicious code into a web application, which can then be used to steal cookies or other sensitive information from users.
  • Security misconfigurations: These flaws can arise from a variety of factors, such as incorrect configuration of web application software or insecure default settings.

Woodsec will also provide recommendations on how to mitigate the identified risks.

Woodsec’s web application assessment services can help organizations to improve the security of their web applications and reduce their risk of being attacked.

Web Services Assessment

A web services assessment is a security assessment that focuses on the security of web services. Web services are software components that provide access to functionality over the internet. They are often used to expose business logic or data to external applications.

The goal of a web services assessment is to identify and mitigate security risks that arise from the design, development, and implementation of web services.

A web services assessment would typically focus on the following areas:

  • Security misconfigurations: This includes checking for insecure default settings, missing security patches, and other configuration errors.
  • API design flaws: This includes checking for flaws in the design of web services, such as the exposure of sensitive data or the lack of input validation.
  • API implementation flaws: This includes checking for flaws in the implementation of web services, such as the use of insecure coding practices or the lack of authentication and authorization.

Woodsec’s web services assessment experts will assess an organization’s web services for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Mobile Application Review

A mobile application review is a security assessment that focuses on the security of mobile applications. Mobile applications are software applications that are designed to run on mobile devices, such as smartphones and tablets.

The goal of a mobile application review is to identify and mitigate security risks that arise from the design, development, and implementation of mobile applications.

A mobile application review would typically focus on the following areas:

  • Security misconfigurations: This includes checking for insecure default settings, missing security patches, and other configuration errors.
  • Testing: This includes testing mobile applications for vulnerabilities, such as buffer overflows and SQL injection.

Woodsec’s mobile application review experts will assess an organization’s mobile applications for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Cloud

Cloud Configuration Review

A cloud configuration review is a security assessment that focuses on the configuration of cloud-based systems and applications. The goal of a cloud configuration review is to identify and mitigate security risks that arise from misconfigurations.

Woodsec offers cloud configuration review services to help organizations ensure that their cloud environments are secure. Woodsec’s cloud security experts will review an organization’s cloud configuration for potential vulnerabilities, such as:

  • Insecure access controls
  • Unused or misconfigured cloud resources
  • Insecure data storage
  • Insecure network configurations

Woodsec’s cloud configuration review services can help organizations to improve the security of their cloud environments and reduce their risk of being attacked.

Attack Simulation

OSINT Risk Assessment

Open-source intelligence (OSINT) is the collection and analysis of publicly available information. OSINT can be used by attackers to gather information about an organization’s systems, networks, and employees. This information can then be used to launch attacks, such as phishing campaigns or social engineering attacks.

An OSINT risk assessment is a security assessment that focuses on the risks posed by OSINT. The goal of an OSINT risk assessment is to identify and mitigate the risks that arise from the organization’s public presence.

An OSINT risk assessment would typically focus on the following areas:

  • Websites: This includes checking for publicly available information on the organization’s website, such as employee names, contact information, and internal network diagrams.
  • Social media: This includes checking for publicly available information on the organization’s social media accounts, such as employee posts, photos, and videos.
  • Public records: This includes checking for publicly available information in government records, such as business filings and court documents.

Woodsec’s OSINT risk assessment experts will assess the organization’s public presence for potential vulnerabilities, and provide recommendations on how to mitigate the identified risks.

Social Engineering

Social engineering is the art of manipulating people into doing things they would not normally do, often for malicious purposes. In the context of penetration testing, a social engineering service is a service that helps organisations to identify and mitigate their social engineering risks.

This assessment involves Woodsec’s team of social engineers simulating real-world social engineering attacks against an organization’s employees. This helps to identify the employees who are most vulnerable to social engineering attacks, and to develop training programs to mitigate these risks.

By offering social engineering services, Woodsec helps organizations to protect themselves from one of the most common and effective methods of cyberattack.

Red Teaming

Red teaming is a security exercise in which an independent team simulates an attack on an organization’s systems and networks. The goal of red teaming is to identify and exploit vulnerabilities in an organization’s security before they can be exploited by real attackers.

Woodsec offers red teaming services to help organizations assess their security posture and identify areas for improvement. Woodsec’s red team is comprised of experienced security professionals who have a deep understanding of the latest attack techniques. Woodsec’s red team will simulate a real-world attack on an organization’s systems and networks, using the same techniques that real attackers would use. This allows Woodsec to identify vulnerabilities that may not be detected by traditional penetration testing methods.

The benefits of red teaming include:

  • Identifying and exploiting vulnerabilities that may not be detected by traditional penetration testing methods.
  • Providing organizations with a realistic assessment of their security posture.
  • Helping organizations to develop and implement effective security controls.

Woodsec’s red teaming services can help organizations to improve their security posture and reduce their risk of being attacked.