Cyber Security Assessment

More than 95% of cyber incidents and accidental breaches in Canada could be prevented through proper security assessments, a handful of corrective measures and solid security management routines. C3SA cyber security assessment services deliver actionable intelligence for building or improving a cyber security program that accounts for the specific threats, vulnerabilities and risks to your business.
Compromise Assessment
Given the interconnectivity that most modern businesses require and the security risk it brings, the question is no longer whether a compromise will take place but how the organization will respond to it. C3SA can help your organization detect, analyze, respond to and recover from compromises conducted by some of the world's most sophisticated Advanced Persistent Threats (APTs) and cybercriminals. By leveraging C3SA's CyberFIRE™ team of expert forensic practitioners, we enable organizations to identify which hosts were affected by the compromise, what information and data may have been stolen, and the deficiencies, gaps and vulnerabilities the threat actor exploited to orchestrate the breach. We also work directly with your Security Operations Center to provide actionable intelligence that can be used to quickly contain and eradicate the threat actor's foothold in your corporate environment.


Threat & Risk Assessment
C3SA specializes in delivering intelligence-based Threat and Risk Assessment (TRA) services that identify, assess and prioritize threats, vulnerabilities and risks to partner/end-client IT systems within the context of Canada's cyber landscape. The result is situational awareness and cyber risk advice relevant to businesses operating within Canada and across international borders. The output product is a comprehensive TRA report containing actionable cyber security risk intelligence that enables the partner/end-client to make informed decisions about the residual risk they accept when safeguarding their organization.
Vulnerability Assessment
Go beyond vulnerability scanning with C3SA Vulnerability Assessment services. See your attack surface through the eyes of external threat actors, malicious insiders and all but the most sophisticated malware. Gain situational awareness of the vulnerabilities in your networks and critical insight into the exploitable vectors most likely to be targeted. Find out how the vulnerabilities arose in the first place, and learn how to correct and prevent them through practical remediation and mitigation strategies. C3SA arms you with the actionable vulnerability intelligence needed to have confidence in the cyber security posture that safeguards your business, and to know exactly what it takes to remain vigilant in today's cyber threat environment.
- IT Security Architecture Review
- Cyber Attack Landscape
- Critical & Cascading Vulnerabilities
- Potential Compromises & Anomalies
- Root Cause Analysis: Process Deficiencies
- Remediation & Mitigation Strategies
- Prioritized Safeguard Implementation Plan
- 30-Day Free Follow-up Vulnerability Scan
C3SA specializes in identifying, documenting and mitigating vulnerabilities for the following types of IT services and assets:
- Perimeter Defense such as, but not limited to, the configuration, patching and management of firewalls and Intrusion Detection and Prevention Systems (IDPS)
- Infrastructure Security such as, but not limited to, the configuration, patching and management of Layer 2 and Layer 3 routing and switching (including VLANs) and VoIP telephony
- Web Services Security to identify common web design flaws (e.g., script injection, Cross-Site Scripting (XSS), SQL injection, inadequate authentication and authorization, sensitive data exposure, Cross-Site Request Forgery (CSRF), etc.)
- Database Security such as, but not limited to, the configuration, patching and management of all components of a database (e.g., tables, stored procedures, user access controls, authentication, roles and permissions, event retention and logging, encryption, integrity) for all database types (e.g., MySQL, Oracle, Hadoop, Netezza, Accumulo, Cassandra, etc.)
- Desktop and Mobile OS Security such as, but not limited to, the configuration and patch management of firmware, the OS and deployed applications, security event logging configuration and retention, user authentication, roles and permissions, authorized/unauthorized applications, encryption, malware detection, etc.
- Wireless and Remote Access such as cryptography, authentication, tunneling and bridging


Penetration Testing
Penetration testing is the art and science behind a formalized and documented process of actively testing an organization's security. By performing the same steps that an advanced threat actor such as an APT would undertake against your organization, without actually impacting the Confidentiality, Integrity and Availability of the business, Penetration Testing will identify:
- Missing security patches at all layers (e.g., BIOS, firmware, Operating System, Application)
- System (e.g., Operating System) and device (e.g., router, switch), database, web site misconfigurations and oversights
- Improper application safeguards and deficiencies such as insecure authentication, data validation and sanitization (e.g., inadequate password strength, SQL injection, Cross-Site Scripting, etc.)
- Improper wired, wireless and virtual network segmentation, filtering and cryptography
- Gaps in employee IT security awareness and training
- Any other security requirement that you wish to formally verify and validate
By conducting a Penetration Test against your infrastructure or selected segments, C3SA can provide you with a list of readily exploitable vulnerabilities, gaps and shortcomings, along with clear guidelines and recommendations on how to mitigate and address the identified weaknesses. This supports adherence to and compliance with relevant corporate policies; industry standards such as ISO 27001, CAS(T) and PCI; industry best practices such as those promulgated by NIST, Canada's TBS and CSEC; and legal requirements such as the USA's Sarbanes-Oxley Act (SOX) and Canada's Privacy Act.
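The SQL injection flaw named in both the Web Services Security bullet and the Penetration Testing list above is the kind of "data validation and sanitization" deficiency a test would surface. The following is an added example, not C3SA's code: a login lookup that builds its query by string formatting, beside the same lookup using bound parameters, run against an in-memory SQLite table. The table, its columns, the sample rows and the tautology payload are all constructed here for illustration.

```python
"""Added example (not from the original page or from C3SA): a SQL
injection flaw shown as a vulnerable query beside its parameterised fix.
Table name, columns, sample rows and the payload are constructed for
illustration and are not taken from any real system."""
import sqlite3

# Constructed sample data: a minimal user table.
SAMPLE_USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
    ("carol", "s3cret-carol"),
]

# A classic tautology payload that a tester would try in the password field.
INJECTION_PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: user input is spliced into the SQL text, so a quote in the
    input closes the string literal and the rest is parsed as SQL syntax."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return sorted(row[0] for row in conn.execute(query))


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: bound parameters are passed to the engine as data values,
    so the same payload is compared literally and never reaches the parser."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo() -> dict:
    """Run both variants with a valid credential and with the injection
    payload, returning the matched usernames for each case."""
    conn = make_db()
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "s3cret-alice"),
        "valid_hardened": login_hardened(conn, "alice", "s3cret-alice"),
        "inject_vulnerable": login_vulnerable(conn, "alice", INJECTION_PAYLOAD),
        "inject_hardened": login_hardened(conn, "alice", INJECTION_PAYLOAD),
    }


if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case}: {matched}")
```

With the payload in the password field, the vulnerable query becomes `... WHERE username = 'alice' AND password = '' OR '1'='1'`; because `AND` binds tighter than `OR`, the `OR '1'='1'` clause makes the condition true for every row, so all three users are returned and authentication is bypassed. The hardened version returns nothing for the same input because the payload is compared as a literal password. The fix is structural (bound parameters), not a blacklist of characters; escaping or filtering quotes is the kind of partial safeguard a penetration test is designed to get around.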
SOC/CSIRT Readiness
An organization's ability to detect a compromise, and then to contain and eradicate a sophisticated threat actor such as an Advanced Persistent Threat (APT) from its environment, is only as good as the skill and proficiency of the practitioners in its Security Operations Center (SOC) or Computer Security Incident Response Team (CSIRT). C3SA can assess the readiness of a SOC/CSIRT by reviewing existing policies, procedures and any prescribed Incident Response plan, and/or by leveraging its Penetration Testing service to identify technical and procedural gaps in the team's ability to detect and respond to complex cyber attacks. C3SA will then work directly with the organization's SOC/CSIRT to formulate and implement a remedial action plan that raises its detection capabilities and readiness level, so that future compromises, even by the most skilled APTs, can be mitigated and addressed.


Secure Code Analysis
Today's devices and embedded software demand secure and resilient code capable of withstanding an ever-growing cyber threat environment. C3SA partners with Canada-based manufacturers and product developers to prevent, find and fix vulnerabilities throughout the Software Development Life Cycle (SDLC), reducing the overall cost of development and ongoing maintenance. In our experience, 80% of vulnerabilities and defects can be prevented through threat modeling, defensive coding and compliance with industry standards alone. The vast majority of the remainder is detected, corrected and validated through in-depth source code review together with rigorous static and dynamic analysis. C3SA Embedded Software Security services provide your business with the assurance needed to develop and maintain secure and resilient products throughout the SDLC.
- Threat Modeling
- Source Code Review
- Static and Dynamic Code Analysis
- Vulnerability and Defect Remediation
- Compliance with Industry Standards
- Continuous Build Monitoring
- Defensive Programming: Training, Mentoring and Awareness