Our Company Context is an independent security consultancy…

Context is an independent security consultancy, to which many of the world’s most successful financial institutions entrust security evaluations of their most complex applications and architectures. Our consultants sit on industry bodies and are regarded by their peers as thought leaders in the security field. Context is a “Green Light” CESG (CHECK) service provider and a founder member of CREST (the Council of Registered Ethical Security Testers).

Exceptional technical expertise informs all our consultancy work, while a comprehensive approach helps clients attain a deeper understanding of security vulnerabilities, threats or incidents and the implications they may have for the organisation. We then help clients to design and implement preventative and curative security measures tailored to their individual requirements.

Our technical services portfolio sets the standard for the security industry, but we also dedicate significant resources to research and development, the fruits of which are then passed on to our clients, for whom we also often undertake specific R&D projects.

More information

Services We help you identify, measure and manage security risks…

We help you to identify, measure and manage security risks and to meet regulatory, compliance and governance requirements with solutions that integrate business, technology, people and processes. We look beyond short term technology fixes and work to address underlying systemic weaknesses, giving the best return on investment. We strive to find tailored solutions at suitable prices, and to deliver projects that exceed expectations.

Services include penetration and application testing, eCrime investigative services, security architecture and design, software engineering security assurance and a portfolio of training services.

More information

Security Issues Security isn't just about technology, it's about human resources…

Does your company suffer from Neglected Networks?

Most organisations now understand the need for effective external IT security, and have some understanding of basic network defences, including firewalls and de-militarised zones (DMZs) that separate the public internet from internal networks, content filters and intrusion detection systems. But unfortunately, fixing the organisation's IT security isn't as simple as fitting a combination lock on a safe. Networks grow and change in nature and structure, while internet security threats continue to evolve. Regular testing and strengthening of defences are essential to ensure they remain fit for purpose.

More information
Does your company suffer from Inadequate Content Security?

IT security is not just about policing an organisation's perimeter defences and monitoring traffic coming into the organisation's systems from outside, but also about keeping an eye on material leaving the network. A failure to put strong content security systems and policies in place, to prevent inappropriate email and internet use by employees, or to restrict the extent to which contaminated material or executables can circulate within a network, could lead to serious operational, financial or reputational damage.

More information
Does your company suffer from Weak Telecoms Networks?

Securing the telecoms network is as important as protecting the data network, and Context offers a range of services designed to protect against attacks on telecoms. Unsecured telephone PBX, Interactive Voice Response (IVR) and Automatic Call Distribution (ACD) systems could be exploited by external attackers or internal staff intending to perpetrate toll fraud and the theft and resale of long distance call services; or attackers trying to break into an organisation's networks via a back door.

More information
Does your company suffer from Wireless Network Worries?

Wireless networking can bring unprecedented flexibility to many different working environments. But it is not without its risks, particularly if an organisation has not secured wireless networking equipment, or does not know which of their staff are using unsecured laptops or PDAs to connect to the network.

More information
Does your company suffer from People Problems?

Security isn't just about technology, it's about human resources. There's no point having a great security policy in place if people ignore it, and the technology won't be any help if you've left an important server and the data it contains in an unsecured ground floor room, not monitored by security guards or CCTV cameras. Furthermore, how well does your organisation vet prospective employees or contractors? Your network perimeter security may be robust, but can it protect you against rogue cleaning staff with physical access to your systems?

More information
Prev 1 2 3 4 5 Next

CAT Context has been conducting application tests for over twelve years…

Over the 12 years during which Context has been conducting application tests for clients there have been many developments in application security practices. Applications have become more complex, and we have had to expand and enhance testing methods to ensure that we continue to deliver the most thorough assessment possible. In 2007 we identified a need for a new tool designed to test the most complex applications; a tool capable of various different tests as yet unavailable on the market (such as complex authorisation models, testing complex multi-phase forms or heavy Ajax applications). No such tool existed – so we developed one ourselves instead. The result, the Context App Tool (CAT), has become the core application testing tool used at Context.

More information and download

News Latest news from Context Information Security…

Advisory release: Heap Offset Overflow in Citrix ICA Clients

Michael Jordon, one of our security consultants has discovered a vulnerability in the Citrix ICA Client. The Citrix Presentation Server Client (tested on v10.150) does not perform bounds checking on the type field in an ICA "graphics" packet. This lack of checking allows for a remote exploitation of a user that has the client installed.

More information

Website Design : Design by Structure.