One of our clients, a software development company, needed the help of an information security auditor with extensive knowledge in VAPT (Vulnerability Testing and Penetration Testing).
Their product required identification and further neutralization of any vulnerabilities and/or possible loopholes which could pose an internal or external threat to their data and system.
addition, this client also needed an ISO27001 certification.
Performed VAPT on both their product, as well as their network
Brought to their attention, OWASP Top 10 security risks, SANS Top 25 Software Risks, WASC, OSSTMM, plus some not-so-known vulnerabilities.
Developed information security policies, implemented information security controls , performed IT Security audit for the protection of the data and the infrastructure - all of this, with respect to ISO27001, until they obtained their own certification.