The black box intrusion test simulates an attacker deciding or having the mission to “attack” you. We start the intrusion test with the minimum amount of information, try to determine a perimeter, then validate with you the identified elements before launching more offensive tests.
During an intrusion test in white box mode, you give us the entire perimeter at the start of the service.
ITrust mobilises experienced auditors for security audit operations who have also carried out projects to study, implement and put technical infrastructures into operation. These consultants are men and women of the art, i.e. engineers first trained in the technical fields of infrastructures, who have the ability to formulate in real time a diagnosis of technical faults, and to immediately propose architecture recommendations and proposals for technical solutions for resolution or circumvention.
Generally speaking, our approach is a compilation of best audit practices: OSSTMM for the network and system part and OWASP for the web application part. ITrust is co-founder of the FPTI (Federation of Intrusion Testing Professionals).
Quality above all!
Our engineers are experienced to be part of the Itrust RedTeam (Team of Experts). They are all on permanent contracts and based in France. We refrain from using external engineers except in exceptional cases with the agreement of our clients.
Strong commitment to the PASSI standard and the OIVs
Within the framework of the protection of the French information heritage and the flagships of the industry, ITrust is engaged in a certification process with respect to ANSSI
– CSPN for the development of its IKare tool (security level measurement, control of the presence of vulnerabilities, asset management),
– PASSI for service activities.
ITrust is notably labeled France Cyber Security.
Our capital is exclusively French.
Our engineers are based exclusively on French territory.
Independence, ethics and maintenance of competence
In order to guarantee an irreproachable quality in its services, a total independence with regard to external editors and service providers, ITrust ensures :
⇒ To be totally independent of third party publishers and service providers:
– ITrust’s capital and services are completely independent of the publishers and
integration providers. (Cf. integrity charter);
– Our charter of values implies total independence in our services and our recommendations.
⇒ To have defined and implemented quality requirements through :
– His Man 3 Method;
– Its charter of values, signed by all its collaborators;
– Its integrity charter.
⇒ Participate actively in the ISO27001, EBIOS, RGS working groups in particular through its membership in groups such as :
– PRISSM, Think tank of cybersecurity professionals;
– Club 27001;
– European Security Circle.
– ECSO (European Cybersecurity Organisation)
⇒ Participate in conferences as an exhibitor and as a speaker leading interventions on specific safety topics, for example :
– Bot Conf 2014,2018 ;
– Defcon/Blackhat Lasvegas 2009, 2018;
– CRIP 20XX;
– National Assembly: Cloud and security expertise.
Code of Ethics
ITrust has a charter of ethics which states in particular that :
– Audit services are performed with loyalty, discretion, impartiality and independence;
– The auditors use only the methods, tools and techniques validated by ITrust;
– The auditors undertake not to disclose, including to other auditors not involved in the audit, any information obtained or generated in the course of the audits unless authorised by the audit client;
– The auditors shall report to the audit client any manifestly unlawful content discovered during the audit;
– The auditors undertake to comply with the law, the regulations in force as well as good practices related to the audit (ISO 19011);
– All auditors sign the ethics charter.