Vulnerability Assessment & Penetration Testing (VA-PT)

Activities carried out by an appropriate business impact assessment and proper recovery plan recommendations, based on key standards and best practices (non-exhaustive list of examples):

  • OWASP v4 for analysis on web applications
  • OWASP Mobile Security Testing Guide
  • ISECOM OSSTMM 3.0 for some safety checks
  • NIST CSRC indicating IT security best practices

The VA-PT service is offered for many areas, including:

  • Industrial automation: SCADA and IoT systems
  • Automotive: safety analysis of communication interfaces exposed by the on-board computer
  • MMobile Application, with reverse engineering of the code
  • Web application

IMQ has the first laboratory accredited by Accredia, in terms of vulnerability assessment for tests on trust service provider infrastructure regarding trust services according to the European regulation on eIDAS digital identity, and according to national regulations on legally compliant digital preservation and on SPID (digital identity).

Source code security audit (code review) of HW/SW products.

Among the penetration testing we also point out those related to phishing, useful to verify the end user susceptibility to actions required by the attackers. The testing is conducted through simulated phishing campaigns sent to all users in your organization or to a selected control group.

 Management system certification is the endorsement enjoyed by organisations that have chosen to equip themselves with efficient management systems and suitable skills and structures, aimed at continuous improvement. And the higher the prestige of the awarding body, the higher the value of the guarantee. Equipped with state-of-the-art technology, our laboratories have full capability to put products through all the checks required by the major European directives and international standards. The certifications issued by IMQ are synonymous with trust. They guarantee safety, performance, efficiency and quality standards. More than 10,000 companies have turned to IMQ to certify their products and stand out on the market. Notified body for the main EU directives, IMQ offers tests and CE certifications to assess the conformity of the products to the requirements required to be marketed on the European market. Inspections and audits validate the conformity of electrical installations, equipment, supplies and services with the applicable technical and legislative specifications. IMQ is leader in Europe in the conformity assessment activity, technical partner chosen by Ministries and Authorities for market control purposes. IMQ is a brand recognized by the market as a synonym of safety and quality, and an internationally recognized partner, a valued member of the main international regulatory work groups. All IMQ personnel are required to strictly observe professional secrecy. IMQ has been working for 70 years trying to anticipate the future, to make the present safer.