Audit & Assessment

Security audits

Penetration testing and comprehensive risk assessments.

Audit & Pentest Services

A complete range of audits to assess and strengthen your security posture

Popular
2-4 weeks

Infrastructure Audit

Full assessment of your network infrastructure, servers, firewalls and security configurations aligned with NIST and CIS benchmarks

Deliverables:

Network architecture analysis and segmentation review
Server configuration review against hardening standards
Firewall and filtering rule review and optimization
Security log analysis and centralization assessment
Network segmentation and VLAN isolation tests
Backup and disaster recovery verification
Executive and detailed technical reports with action plan

Advanced
1-3 weeks

Penetration Test (Pentest)

Real-world attack simulation by OSCP/CEH certified experts to identify exploitable vulnerabilities and test defenses

Deliverables:

External and internal reconnaissance and information gathering
Advanced vulnerability scanning and manual testing
Controlled exploit attempts with client approval
Privilege escalation and lateral movement attempts
Social engineering tests (optional) and physical security testing
Report with proof of concepts and attack chains
Prioritized remediation recommendations and remediation support

Essential
1-2 weeks

Bill 25 Compliance Audit

Complete assessment of your compliance with Quebec's Bill 25 on data protection and privacy

Deliverables:

Analysis of personal data flows and inventory
Privacy policy review and alignment with Bill 25
Consent evaluation and documentation
Incident register and process verification
Security measures analysis against framework requirements
Detailed compliance plan and remediation roadmap
Bilingual document templates and policy examples

1-2 weeks

Application Audit (Web/Mobile)

In-depth security analysis of your web and mobile applications following OWASP Top 10 and secure coding standards

Deliverables:

OWASP Top 10 vulnerability tests and assessment
Source code analysis (SAST) and architecture review
Dynamic testing (DAST) and runtime analysis
API security evaluation and threat modeling
Authentication and session management testing
Business logic vulnerability identification
Report with vulnerability POCs and secure coding guidance

1-2 weeks

Cloud Audit (AWS, Azure, GCP)

Security assessment of your cloud environments and configurations aligned with CIS Cloud Benchmarks

Deliverables:

IAM configuration review and privilege analysis
Storage bucket and database access control evaluation
Security group and network policy review
Encryption verification (in-transit and at-rest)
Logging, monitoring and audit trail assessment
CIS Benchmark compliance scoring
Cloud-specific optimization and cost-benefit recommendations

2-4 weeks

ISO 27001 / SOC 2 Audit Prep

Comprehensive assessment of your readiness for ISO 27001 certification or SOC 2 Type II examination

Deliverables:

Gap analysis against ISO 27001:2022 or SOC 2 criteria
Control implementation assessment and maturity scoring
Documentation completeness review and template provision
Remediation roadmap with priorities and timelines
Control testing and evidence gathering support
Training for internal teams on audit requirements
Pre-audit confidence building and audit readiness

Fast
3 days

Express Audit 72h

Rapid identification of critical risks for immediate action and executive visibility

Deliverables:

Advanced automated scanning and vulnerability detection
Critical and high vulnerability analysis and prioritization
Public exposure assessment (dark web, open data)
Baseline security configuration tests
Executive summary report with business impact
Quick wins and immediate actions identified
Executive debrief and remediation roadmap included

Proven methodology

6 steps to assess and strengthen your security posture

01 - Initial consultation

Meeting to understand your context, systems, regulatory requirements and concerns. Scope and objectives definition.

02 - Scope definition

Define audit scope, target systems, testing boundaries, compliance frameworks and schedule. Client approval and rules of engagement.

03 - Information gathering

Passive OSINT and active reconnaissance following approved methodology. Network enumeration, technology identification and attack surface mapping.

04 - Analysis and testing

In-depth vulnerability assessment, controlled exploitation, configuration review and security testing. Evidence documentation and impact analysis.

05 - Detailed reporting

Complete documentation with executive summary, technical findings, evidence, business impact, risk ratings and prioritized remediation recommendations.

06 - Presentation and follow-up

Executive debrief with stakeholders, detailed technical review with IT teams, remediation support and retest of critical fixes.

Certifications

Certified experts

A team combining offensive expertise, governance and compliance with industry-leading certifications

OSCP - Offensive Security Certified Professional (hands-on penetration testing)

CEH - Certified Ethical Hacker (advanced hacking techniques)

CISSP - Certified Information Systems Security Professional (governance and strategy)

CISA - Certified Information Systems Auditor (audit and controls)

ISO 27001 Lead Auditor (compliance and management systems)

GIAC GPEN - GIAC Penetration Tester (advanced offensive security)

Ready to audit your security?

Start with a free assessment and get a prioritized action plan. Includes compliance framework alignment.

Executive report
Prioritized recommendations
Retest included on critical vulnerabilities
