Technical audit
Pentest, configuration, partitioning, network, application, secret detection
We assess your technical surface from end to end. Each part of the audit produces evidence, qualifies risks and leads to a prioritized, short-to-execute and measurable action plan.
Pentest
Phishia's pentest offer gives you a clear view of your security flaws. We test your applications and APIs against known faults from Top 10 OWASP authentication and access control, injections (SQL/NoSQL), XSS, SSRF... Then we offer you concrete corrective measures to reduce the risk of incidents. As a result, you gain credibility with your customers and partners.
Configuration
We check the configuration of your equipment: access control rules and permissions, the authorizationsthe kernel/versions, network configuration. We provide clear hardening recommendations to improve the resilience of your systems.
Partitioning
We make sure partitioning your environments production / pre-production / administration / office automation, internal / external access, service providers, etc. The aim is to detect gateways and clean up FireWall rules. You'll leave with an easy-to-read map of zones and flows, priority filtering points and simple rules to reduce lateral movement.
Secret detection
We are looking for keys, tokens and password who are in clear text in scripts, repo, images or logs. Each discovery is qualified and followed by a remediation plan that replaces exposed secrets with secure credentials via the trunk (vault), eliminating any presence of unencrypted passwords. . We then propose light automatic controls to prevent these secrets from reappearing, with a clear follow-up table.
Our blog
Discover the latest news and trends in technical and organizational auditing.
