EasyAudit offers unique features, both in terms of actual, technical security, and in terms of risk management and compliance. The service we offer is one of the most complete on the market in its price range.
You don't need to be an expert to use and benefit from EasyAudit. The process is as simple as: Order, Pay and Get the Report. The report is itself a little piece of art, still continuously improving, the result of more than 10 years of experience in the field.
Your data is safe, no Cloud, no SaaS
EasyAudit is not a Software As A Service and it doesn't run in the Cloud. While this could sound strange nowadays, you can trust us when we say that this is a great advantage. Your data never leaves the ISGroup datacenter, our private Cloud and the workstation of the Penetration Tester who is executing your audit.
Divide et impera
Our document is divided into three clearly distinct sections (the Executive Summary, the Technical Summary and the Vulnerability details or Appendix section), developed with three clearly different recipients in mind.
One for the Board and Management, one for the IT Manager and one for your external contractors.
Unbeatable horizontal coverage
Our goal is not to reinvent the wheel. We integrated in our unique workflow the best commercial software money can buy, able to perform 55,000+ vulnerability and configuration checks, inspect your web applications (industry's most advanced and in-depth SQL Injection and Cross Site Scripting testing) and exploit found vulnerabilities.
Our process covers all the 34 Attacks and 17 Weaknesses specified in the WASC Threat Classification Version 2.0.
We also take care of all the 26 WASC Threat Classification Version 1.0 Classes.
Extreme attention to the most risky and relevant vulnerabilities is paramount in EasyAudit; that's why we have complete support for the OWASP Top 10 2013.
The OWASP Top 10 2010 release is the first one to be designed to include vulnerabilities for both their pervasiveness and risk, in order to cover less common, high-risk vulnerabilities.
Extreme attention to the most common vulnerabilities is paramount in EasyAudit; that's why we continue to support the OWASP Top 10 2007.
OWASP Top 10 2004 is the first release of the famous "Top 10" list of widespread vulnerabilities, and they are still relevant.
While EasyAudit is not a 27001 audit, it can help you with your certification. We have specific mappings for the latest version of the standard, the ISO/IEC 27001:2013 release.
We also provide mappings for the older version of the standard, the ISO/IEC 27001:2005 release.
Dos and don'ts
We try to be really honest about our product, and if you came to this page we can talk technical with each other. If you have any questions or need some clarification, feel free to write an email to firstname.lastname@example.org. Response is not guaranteed but we do our best. If your question is of a commercial nature, write to sales using the address provided on the contacts page.
First of all we want to state some key concepts. They are probably already known to you or are common sense, but repetition helps.
What EasyAudit doesn't mean:
- EasyAudit will not make your website magically secure and proof against hacking, sabotage or insider threats. There is no such thing as complete security and no system can guarantee that. We want to be really clear on this and dislike unjustified hype; that's why the service is called "EasyAudit" and not "HackerSafe" and the trustmark is "EasyAudit Checked" and not "Norton/McAfee Secure", with all due respect to our competitors.
- You will not get the EasyAudit Checked badge by just buying the service. You are eligible only if all the identified High and Medium impact risks are resolved during the certification process.
- EasyAudit will not improve the security of your systems by itself. It's an audit, and like any audit it identifies weaknesses and issues of the target using objective and proven metrics. Fixing them is your task (still, we will provide useful advice on how to correct issues in the Remediation Plan chapter of the report). Entering the solution market would be a serious conflict of interest for us.
- The service is not a substitute for professional consultancy penetration testing services; we do that daily at ISGroup as part of our Enterprise Security Services offering. If you want to take the next step we will be happy to assist you. It's also true that a strong baseline security service such as EasyAudit will identify most of the known and unknown issues in your web applications and networks, making the life of penetration testers hard and allowing you to get real value from expensive consultancy services.
What EasyAudit does mean:
- Your web or network infrastructure will be checked by experienced penetration testers, assisted by an evolved workflow and best-in-class technology.
- In order to guarantee an excellent horizontal coverage of issues we integrated and automated in the process some of the most advanced commercial security tools, including well-known vulnerability scanners and exploitation frameworks. This alone represents a value of over 10 times the price charged for a single audit, excluding the time, experience and personnel you would need to set up such instruments on your own.