Security Build Review Service
Security
Hardening Services
A consultant-led manual operating system security hardening assessment, using industry-standard benchmarks and OEM best practices.
Definition
What is a Security Build Review?
A Security Build Review, or Host Hardening Assessment, is a security audit of an operating system or a software configuration that helps ensure it meets industry-standard good security practices. With the increase of virtualisation technologies (Docker, VMware ESXi etc.), organisations are replicating operating systems for servers, desktops and mobile devices across their whole network. From a risk perspective, taking time to ensure these images are secure helps prevent security issues being replicated site-wide and helps reduce the risk that insecurely configured environments allow unauthorised access and/or a data breach. Aptive can review operating systems and software configurations against publicly available benchmarks such as CIS, SCAP and CESG, and against OEM / vendor best practices.
Proactively identify the latest vulnerabilities
Our penetration testing services help identify the latest vulnerabilities.
Why Perform Security Hardening
Why Performing Regular Security Hardening is Important for Your Organisation
Security Build Review Service
Security Host Hardening Assessments
Linux — security hardening
RHEL — security hardening
Ubuntu — security hardening
Fedora — security hardening
Windows — security hardening
Apache — security hardening
Docker — security hardening
VMware ESX — security hardening
IoT — security hardening
MSSQL — security hardening
MySQL — security hardening
Webserver — security hardening
NGINX — security hardening
macOS — security hardening
Firewall — security hardening
Identify Web App Threats
Web Application Penetration Testing
Aptive provide web application security testing using our internal methodology based on the OWASP testing methodology. The service identifies security issues within web apps and provides clear remediation instructions, allowing your organisation to easily fix identified security issues. For more information, see our web app security audit service page.
Identify Mobile App Threats
Mobile App Security Testing
Aptive’s mobile application security testing is a deep dive security assessment against iOS and Android apps, to help identify potential security issues, logic flaws or vulnerabilities.
Identify Internal & External Infrastructure Threats
Network Penetration Testing
Aptive are a penetration testing company providing internal or external web & network penetration testing services, which identify and quantify security issues in an easy-to-understand report.
PCI DSS Penetration Testing Service
Meet your PCI DSS certification requirements with our manual penetration testing service.
Client Testimonials
Reviews from our clients
"We hired Aptive to perform an in-depth mobile application penetration test based on the OWASP MASV standard. Aptive provided an easy to understand report and were on hand to help with any developer follow up questions."
"Aptive conduct regular penetration testing of our web applications as part of our on-going cyber security testing commitment. We chose Aptive as we required a manually performed penetration test conducted by a certified web application penetration tester. The delivered reports are always professional, concise and make it easy for both stakeholders and developers to understand."
"The team at Aptive provided excellent advice and demonstrated a large depth of knowledge regarding security aspects and vulnerabilities within our environment. We were very pleased with the level of effort and advice given throughout the engagement. In addition to providing a comprehensive report, Aptive clarified issues directly with our development teams to ensure identified issues were correctly understood, allowing our team to perform remediation on any discovered issues."
"Aptive performed manual web & mobile app penetration tests against our CryptoCurrency wallet applications. Aptive's team worked closely with our internal developers and went above and beyond to deliver detailed issue explanations with actionable remediation advice during the development stage of our apps."
Learn More
Learn More About Penetration Testing
LLMNR / NBT-NS spoofing attack: how to use LLMNR & NetBIOS poisoning to capture credentials from the network using Kali + Responder.py and how to fix LLMNR & NBT-NS (NetBIOS) spoofing / poisoning attacks.
Local File Inclusion (LFI) explained with examples, including how to perform security testing for LFI vulnerabilities. The intent of this document is to assist with web app security assessment engagements by consolidating research on LFI testing techniques. LFI vulnerabilities are typically discovered during application assessments or penetration testing using the techniques contained within this document.
An overview of what the SameSite cookie attribute is, and whether it provides sufficient protection against CSRF on its own without other mitigations.
The definitive guide for SSL / TLS security testing by Aptive. This article documents the process of using semi-automated tools to perform SSL & TLS security assessments and how to validate the tool findings using manual testing methods. The aim is to optimise the time spent on TLS & SSL security testing when performing pen testing.
What Unrestricted File Upload testing is and how to test for Unrestricted File Upload vulnerabilities, including filter bypass techniques for Windows, Linux, Apache and IIS.
An overview of what SQL Injection is, to help you understand the attack and the potential risk to your organisation.