Audit & Pentest

Certified ISO27-Useful

Even if standards are a real progress in the security domain, we always prefer to use OPMD attitude in our audits: not willing to act when the “stamp” is the only goal, our consulting’s DNA add a true value in collaborative audits where improvement of the security level is the main objective.

OPMD methodology remains the same when doing technical (architecture, pentest) or functional audit (organizational & physical): to rely on our global expertise in security and our multiple skills to assist our clients from start to finish, including in futures stages if necessary (continuous improvement plan, bug fixing, remediation, etc.)

PASSI certification

OPMD is become PASSI certified company (a qualification issued by the ANSSI for trusted providers in Audit) over all domains.

This qualification demonstrates OPMD investment, not only for its audit offer but also in a more comprehensive manner, alongside the Agency to help companies to protect themselves.
OPMD continues its investments for the coming qualifications (PRIS & PDIS) in order to offer French companies a viable alternative to big players, for more down to earth budgets.

Pentest by OPMD

OPMD proposes technical audits like “Pentest” on systems, networks and applications (Web) environments, in black, grey or white box, from outside or inside our clients’ information system. Starting from a target, OPMD present, in a technical report, all the vulnerabilities classified by risk level and the measures to implement in order to fix them. The methodology used for “web-oriented” audits is based on the OWASP Testing Guide, and on PTES (Penetration Testing Execution Standard) for larger audits.

OPMD added value on technical audits consists in our team ability to go beyond a basic test: we do indeed consider that our customers can expect, from a security expert, more than a simple report issued by an automated tool.

We adopted a method oriented towards risk analysis and identification, encouraging a “business” approach rather than a technical approach.