We offer traffic sniffing for clients who want full assurance that their product or application is truly encrypted end to end.
We can provide a data capture service, where we position ourselves between the device or application and the user with the aim to intercept and capture the traffic data.
Traffic sniffing involves capturing traffic at a scheduled time and conducting an analysis on the captured information to ensure that the encryption of data in transit is working as it should be.
A mirror or SPAN port on the network is required to allow the traffic capture to be conducted.
This service will give complete assurance that all data end to end is fully encrypted and ensure that at no point during transit data can be intercepted and read in clear-text.
If issues are found these can then be rectified before an attack or security breach occurs.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that traffic sniffing reviews should be conducted during the design or implementation of new applications or systems.
If major changes are made to the application or system design, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Traffic sniffing review prices are based on the number and type of systems that are required to be captured, therefore there is not an off-the-shelf price for a traffic sniffing review.
For each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full build review report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Affected hosts - A list of all hosts affected, including the associated network port
- Policy compliance - A list of all non-compliant settings compared again industry recommendations
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.