IT Audit helps organizations to understand their technology risks and how to control them -in fact, for contemporary businesses IT Audit is the opportunity to achieve business goals in a rapidly changing technological environment.
TMC LLC offers to its’ customers IT Audit Service contains following proceedings:
Network Perimeter Audit
- Identity and Access Management Audit
- Configuration Management
- Web application audit (OWASP)
- Perimeter (Network Traffic flow) Audit
- Application architecture Audit
- DevSecOps Audit (Quality Gates, Code Coverage, Code Smells )
- Static Code Analysis.
- PKI Audit.
- Log Analytics.
- Cloud Security (AWS IMA )
- Firewall L4-L7 Assessment.
- Storage Hardware
- Server Hardware
- Windows Server
- Linux Server
- Software-Defined Storage
- Network Hardware audit
- Network Topology audit
- Data Center Virtualization (VMware)
- Storage Network
- Wireless infrastructure
1. Coding Standards
- Basic Coding Standards and Coding guidelines
- Error Handling
- No Suspicious Comments
- Copyright and Confidentiality Statements
- Design Patterns
- Logging usage and Logs file rollback strategy
- Usage of Constant/properties file over a Hardcoded text
- No large commented sections
- Basic Api/Frontend/database validations
- Cross-Site Request Forgery (CSRF) prevention
- Application security – Configuration Management
- Application security – Secure Transmission
- Data security
- API/Ui with Critical functionality exposed without any security
- Authentication layer
- Login session/token expiry/validation