L3 Solutions

Technical Audit Services

Approach & Methodology

L3 Solutions is a proven leader in assessing technical control environments. Our unique and innovative approach to vulnerability identification and penetration testing ensures complete identification of all risks to the computing environment. While most audit firms rely solely on automated tools to perform security assessments, we "get our hands dirty" and perform in-depth manual (non-automated) testing of all systems and applications to ensure complete identification of risks and vulnerabilities.


We base our security assessment methodology on standards defined by regulatory requirements, industry best security practice standards, and risk-based security assessment frameworks, including:

  • NIST Federal IT Security Assessment Framework (800-30)
  • OISSG Information Systems Security Assessment Framework
  • OWASP Web Application Testing Guidelines


We systematically enrich our approach and methodologies through continuous research, field experience, article and whitepaper publication, and organization membership, ensuring the incorporation of emerging technologies, risk management and defense techniques, and an understanding and awareness of evolving physical and logical threats.

Technical Security Assessment

Vulnerability identification is crucial to the security of your information and the success of your organization. Our security assessment methodology and technical expertise have proven repeatedly that we excel where others fail.


Assurance and Success


The Technical Security Assessment accomplishes three critical objectives: it evaluates the security posture of technical IT controls through comprehensive automated and manual testing, identifies all risks to systems, applications, and information, and provides practical and effective remediation plans. The Assessment also includes an often-overlooked, and rarely performed, aspect of vulnerability identification: System and Application Configuration Reviews. By combining automated and manual testing techniques as well as thorough system and application configuration reviews, we guarantee a complete and appropriate assessment of risk.


Baseline Scope


The baseline Technical Security Assessment evaluates physical and logical technical control design effectiveness through the following controls testing:

  • Internal and External Vulnerability Identification and Penetration Testing
  • Network Architecture Review
  • System and Application Configuration Review
  • Firewall System and Rule Set Review
  • Intrusion Detection/Prevention System Analysis
  • Antivirus Deployment Review
  • Patch Management Program Review
  • Security and Event Log Monitoring Application and Device Configuration Review
  • Network and Application Access Control Assessment
  • VPN and Remote Access Implementation Analysis
  • Mobile Device and Wireless Networking Assessment (Device and Infrastructure)
  • Network Traffic Analysis
  • Voice over IP (VoIP) Vulnerability Assessment

Web Application Testing

Web applications pose a significant risk to information and security due to their widespread use, generally insecure coding practices, and inherent need for public accessibility, exposing company infrastructures, data, and customers to unwanted threats.


Assurance and Success


Our Web Application Testing methodology ensures web applications are secure and function as intended, and identifies weaknesses in publicly available web applications that an attacker could use to gain control of, or unauthorized access to, information or systems and potentially facilitate an attack on the internal network. A combination of automated and manual assessment techniques is used to ensure application security and operability.


Baseline Scope


Web Application Testing ensures web applications are tested for compliance with industry best security practices and against the Open Web Application Security Project (OWASP) Top Ten Security Risks and the CWE/SANS Top 25 Most Dangerous Software Errors. Web applications are tested for the following security risks:

  • SQL and Operating System Code Injection
  • Cross-Site Scripting & Cross-Site Request Forgery (Script/Code Injection)
  • Cookie/Session ID, HTTP Header, and URL Parameter Manipulation
  • Authentication Bypass
  • Authorization
  • Privilege Escalation
  • Code Inspection (Website Pages)
  • Directory/Path Traversal
  • URL Redirection
  • Forms Testing
  • Encryption
  • Vulnerability Identification and Penetration Testing

Copyright © 2021 L3 Solutions LLC - All Rights Reserved.
