IT Security, Application Penetration test, Security Posture review, Code review

1. Portcullis Company
Overview
Eric Christenson – Director of
Sales North America
Oliver Gruskovnjak – Director of
Penetration Testing Services
Portcullis Security Inc.
www.Portcullis-Security.com
http://labs.portcullis.co.uk/

2. Company Background
•Established in 1986 •Our Client Base Incorporates:
•Security Testing Services Launching – Central & Local Government
in 1992 – Health Care, Financial Services
– Technology and Gaming
•Over 60+ Staff including 38+ – Utilities and Transportation
Experienced Consultants: – Banking
– Quick response – Non-Profit/Charity
– Large detailed projects can be
delivered in shorter timescales •Accreditations and Experience
– Flexibility – CREST (Founding Members)
– OWASP Members
•3 Office Locations – PCI Accredited
– US Headquarters San Francisco, Ca
– UK HeadQuarters & Forensics
Laboratory (Pinner, Middlesex)
•Staff Located Worldwide

3. Services
• Security Testing and Auditing
•Consultancy, Training and Knowledge
Transfer

4. Security Testing and Auditing Services
– External or Internal Infrastructure – Build Reviews
Assessment – i.e. Penetration Testing > Desktop, Laptop, Server,
and Vulnerability Testing Database etc
– Web Application Assessment – Router Assessment
– Binary Application Assessment – Firewall Assessment
– Web Service Assessment – Switch Assessment
– Code Review – External or Internal Host Assessment
– PCI Security Testing – Data Exfiltration Assessment
– Layer 2 Traffic Analysis – Citrix Assessment
– DOS Assessment – VPN Assessment
– Social Engineering – Mobile Device Assessment
– Information Disclosure Review – VoIP Assessment
– Wireless Assessment – BlackBerry Assessment
– Wireless DoS Assessment – IOS Assessments (iPhone, iPad etc)
– PCI DSS Services – Android Assessment

5. Consultancy, Training and Knowledge Transfer
Consultancy Services Training and Knowledge
Includes: Transfer Includes:
– Risk Assessment and – Application Development
Review – System Hardening
– GAP Analysis of – Security Testing
Compliance – Build Reviews
– Management Summary – Bespoke Training
Reporting
– Best Practise Reviews – Presentations
> Documentation / – Test Observation
Policy
> Architecture
> Topology
– Research Projects

6. Reporting Formats
•Security Fault Notice Verbal /Email Report
•Summary Report
•Technical Report
•Email Support
•Management Summary
•Report Presentation / Conference Call
•Knowledge Transfer

7. Why Choose Portcullis?
•Reputation – References and Case Studies
•Experience – Over 5,000 tests in last 5 years
•The Team – One of the largest CHECK and CREST testing teams
•Research & Development –
– Keeping up to date and increasing awareness - http://labs.portcullis.co.uk/
– Balancing testers time – 75/25
•Quality Of Service Through
– Scoping Process
– Reporting
– Staff Levels
– Quality Checks
– Formalised Procedures
•Longevity, Stability and Independence – Same ownership throughout
•Peace of Mind – Further Processes and Procedures to become ISO27001

8. Scoping, Timeframes and
Actions
Portcullis Security Inc.
505 Montgomery Street San
Francisco, Ca 94111