Commissum

Commissum specialise in the provision of quality information security services to a variety of businesses and government institutions. Since their early beginnings in 1985 they have established a reputation as leaders in the field of information assurance and security. e-testing have worked alongside Commissum on several consultancy projects that require complex and rigorous security testing.

Commissum services include:

Application Testing

Applications are often the most exposed part of an organisation’s security, because most applications are complex and are built under delivery pressure. Commissum’s application testing services can be applied at all stages of a project and include the following features:

  • Testing functions that are exposed to other applications and users
  • Testing vulnerabilities, including the OWASP top ten
  • Testing for resilience to inappropriate data input
  • Code assisted testing
  • Code review
  • Security of sensitive information
  • Coding errors and security flaws
  • Infrastructure implementation for secure operation

Enterprise Application Assurance
Commissum’s Enterprise Application Assurance covers all aspects of application security, from initial requirements analysis and design review through code security to implementation advice. Their security testing can be tailored to a particular application. Commissum’s Enterprise Application Assurance features include:

  • Database security
  • Code Review
  • Development Assurance
  • Training and Mentoring
  • Authorisation and access control
  • Infrastructure security assessment
  • Auditing and monitoring
  • Segregation of duties
  • Host OS hardening
  • Application security testing

Mobile Device Testing and Security

The attributes of mobile devices, such as compactness, functionality and mobility, bring risks alongside their benefits. As mobile technology becomes ever more popular for business and personal use, it is essential that all foreseeable risks are mitigated. Commissum offer the following services to do just this:

  • Business case development
  • Develop solution concepts with recommendations
  • Assessment of planned or implemented solutions, plus advice on improvements
  • Recommendations for security architecture, technologies and policies
  • Project security oversight
  • Testing and auditing of existing solutions or devices
  • Individual solutions specific to certain devices

Network Vulnerability Assessment

Commissum provide managed monthly scanning which is designed to follow on from penetration testing and check that the underlying vulnerabilities have been mitigated. Features of Network Vulnerability Assessment are:

  • Checking that previously fixed issues have not returned
  • Checking that the keys to your critical assets have not been left exposed

PCI DSS Testing & Compliance

Commissum provide a range of services to cover all Payment Card Industry Data Security Standard (PCI DSS) testing and scanning requirements. The mandatory testing requirements are as follows:

Quarterly Requirement

  • Test for the presence of access points
  • Internal and external network vulnerability scans

Annual Requirement

  • Web application vulnerability testing
  • External and internal penetration tests annually and after any significant infrastructure or application upgrade or modification

Penetration Testing

Commissum deliver penetration testing services that include assessment of network vulnerabilities and their potential exploitation, followed by reports comprising executive-level summaries and technical recommendations for improving the security of your network. The phases involved when analysing for vulnerabilities are:

  • Research
  • Enumeration
  • Exploitation
  • Analysis and reporting

Alongside their report, Commissum are also able to provide a follow-up presentation and an interactive workshop.

Intelligence-Led Penetration Testing

Commissum’s bespoke intelligence-led penetration testing service enables organisations to better understand their risk profile. By using the information, tactics and techniques employed by likely attackers, Commissum can help establish the organisation’s resilience to genuine attacks. This is done by:

  • Open source research
  • Filtering of active malicious campaigns, threat actors and groups for those relevant to the Client
  • Using threat information available to the Client to plan and focus the testing
  • Formulating a test plan and approach from these details

Wireless Security

Wireless networks in your business premises may extend into public places, increasing the risk of an unauthorised person gaining access to corporate networks easily and with less traceability. Commissum adopt a risk-based approach to testing; their services include:

  • Site sweep for rogue wireless devices
  • Regular sweep and test as required by PCI DSS
  • Wireless network configuration review and advice
  • Review and lockdown advice for wireless capable devices
  • Wireless access point penetration testing

Active Directory Assessment

Commissum provide an AD Permissions Audit to assess the security of a Microsoft Active Directory deployment. This involves Commissum conducting a security-driven investigation into user and administrator permissions. Their approach is to audit membership of groups to assist in:

  • Identifying users in an excessive number of groups
  • Identifying users in legacy groups
  • Identifying users in sensitive groups
  • Identifying users in administrative groups

Commissum will audit access rights on key programs, prioritising users and groups relating to third-party VPN access. This process assists in the following:

  • Identification of excessive rights for executing sensitive server functions
  • Identification of excessive rights to IT support functions
  • Identification of legacy permissions
  • Production of a report on the above, which includes recommendations to address current issues, and any high-level recommendations as to future monitoring and management
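To make the four group-membership checks above concrete, here is an added example of the kind of audit logic involved. It is illustrative code written for this page, not Commissum’s tooling, and the user list, group names, legacy naming pattern and the threshold of 10 groups are all constructed assumptions; in a real engagement the data would come from the domain and the classifications would be agreed with the client.

```powershell
# Added example (not Commissum's tooling): offline AD group-membership audit covering
# excessive, legacy, sensitive and administrative group membership.
# The sample data below is constructed so the script runs without a domain.

# Constructed sample: direct group memberships per user (assumed, not from a real domain)
$Members = @(
    [pscustomobject]@{ User = 'alice';   Groups = @('Domain Users','Finance','Domain Admins') }
    [pscustomobject]@{ User = 'bob';     Groups = @('Domain Users','Sales','Legacy_NT4_Print','VPN-ThirdParty') }
    [pscustomobject]@{ User = 'carol';   Groups = @('Domain Users','HR','Payroll','Finance','Sales','Legal',
                                                    'Audit','Marketing','IT-Support','Backup Operators',
                                                    'Remote Desktop Users','Account Operators') }
    [pscustomobject]@{ User = 'svc_bak'; Groups = @('Domain Users','Backup Operators') }
)

# Against a live domain (ActiveDirectory RSAT module), replace $Members with direct memberships:
# $Members = Get-ADUser -Filter * | ForEach-Object {
#     [pscustomobject]@{ User   = $_.SamAccountName
#                        Groups = @(Get-ADPrincipalGroupMembership $_ | Select-Object -ExpandProperty Name) }
# }

# Group classifications (assumptions for this example; agree these with the client)
$AdminGroups     = @('Domain Admins','Enterprise Admins','Schema Admins','Administrators','Account Operators')
$SensitiveGroups = @('Backup Operators','Remote Desktop Users','VPN-ThirdParty','Payroll')
$LegacyPattern   = '^Legacy_|_NT4_|^OLD[_-]'   # naming convention assumed for retired groups
$MaxGroups       = 10                           # threshold for "excessive" membership

function Get-GroupMembershipFindings {
    param(
        [Parameter(Mandatory)] $Members,
        [string[]] $AdminGroups,
        [string[]] $SensitiveGroups,
        [string]   $LegacyPattern,
        [int]      $MaxGroups
    )
    foreach ($m in $Members) {
        $findings = @()
        # 1. Excessive number of groups
        if ($m.Groups.Count -gt $MaxGroups) { $findings += "Excessive: member of $($m.Groups.Count) groups" }
        # 2. Legacy groups, matched by naming pattern
        $legacy = @($m.Groups | Where-Object { $_ -match $LegacyPattern })
        if ($legacy.Count -gt 0) { $findings += "Legacy: $($legacy -join ', ')" }
        # 3. Sensitive groups
        $sens = @($m.Groups | Where-Object { $SensitiveGroups -contains $_ })
        if ($sens.Count -gt 0) { $findings += "Sensitive: $($sens -join ', ')" }
        # 4. Administrative groups
        $adm = @($m.Groups | Where-Object { $AdminGroups -contains $_ })
        if ($adm.Count -gt 0) { $findings += "Administrative: $($adm -join ', ')" }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{ User = $m.User; GroupCount = $m.Groups.Count; Findings = ($findings -join '; ') }
        }
    }
}

Get-GroupMembershipFindings -Members $Members -AdminGroups $AdminGroups `
    -SensitiveGroups $SensitiveGroups -LegacyPattern $LegacyPattern -MaxGroups $MaxGroups |
    Sort-Object GroupCount -Descending | Format-Table -AutoSize
```

On the sample data this flags carol (excessive, sensitive and administrative), alice (Domain Admins), bob (a legacy group and third-party VPN access) and svc_bak (Backup Operators). Note that Get-ADPrincipalGroupMembership returns direct memberships only; an audit also has to expand nested groups (for example from the group side with Get-ADGroupMember -Recursive), since a user inherits the rights of every group their groups belong to.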

As a specialist software testing company, e-testing appreciates this highly skilled discipline in a testing life cycle as well as the expert knowledge required to carry out successful projects in security and penetration testing.

We are delighted to partner with Commissum on projects where we can utilise our complementary skill sets.

If you would like more information on how e-testing and Commissum can work together to leverage these testing functions at your organisation, please contact us.
