Since 2002 we have been in the business of protecting our clients’ financial and customer data. As an information security company we use a variety of techniques to prevent and minimise the effect that cyber attacks may have on your organisation.
To ensure that your systems are as unattractive to cybercriminals as possible minimising your cyber security risk landscape.
We provide the highest level of IT security solutions for various sectors both locally and internationally including advisory, penetration testing, vulnerability assessments, red teaming, social engineering and training. When it comes to our reporting, we have, and always will, focus on vendor-independent reporting ensuring an unbiased view of the findings.
As a proud level 2 BBBEE service provider we are invested in the future of South Africa.
A picture speaks a 1000 words, view some of ours here.
Through our security assessments and as part of our research, Telspace Africa's analysts routinely discover zero-day vulnerabilities in a number of software products. We follow our established responsible disclosure policy when communicating with vendors and provide them with detailed technical information, as well as proof of concepts regarding the flaws we find. For a list of our published security advisories please visit our blog.
Telspace Africa regularly presents at high-level goverment and internationally recognised security confrences. We are often interviewed locally and internationally by magazines, television and newspapers.
In this privacy statement, the words below have the following meanings assigned to them:
“aggregate information” is the collective, consolidated information of users of the website that is pooled together and where users are only identified as part of the pool in general terms and are not identified individually.
“data subject” is a person to whom Personal Information relates.
“personal information” as defined in the POPI Act, and in relation to the Data Subject.
“process information” means the automated or manual activity of collecting, recording, organising, storing, updating, distributing and removing or deleting personal information.
“we”, “us”, “our” and “Telspace Africa” means Telspace Africa (Pty) Ltd.
“website” means the internet site with “Telspace Africa” in the address.
“you” and “your” means the user of the website.
We respect your privacy and are committed to safeguarding your Personal Information and keeping it confidential. The objective of this Privacy Statement is to set out how we collect, use, share, otherwise process, and protect your Personal Information, in line with the Protection of Personal Information Act 4 of 2013 (“POPI Act”).
We acknowledge our responsibilities in relation to the integrity, confidentiality and protection of your Personal Information and have taken reasonable technical and organisational measures to prevent unlawful access to, loss, damage, or unauthorised destruction thereof.
We will process your information for different purposes, such as to personalise your experience and to communicate with you about our services and offerings.
We will only use your Personal Information for the purpose required to assist you, or provide solutions to you. We will not share or further process your Personal Information with anyone if it is not required to assist you with your solutions, or unless it is required by law.
We will ensure that your Personal Information is accurate, complete, updated and not misleading by obtaining your Personal Information directly from you.
It is important to note that if you include the Personal Information of other Data Subjects when engaging with us, we will also process their Personal Information for the purposes set out in this Privacy Statement. When you give us Personal Information about other Data Subjects, you confirm that you have received their permission to share their Personal Information with us for the purposes set out in this Privacy Statement or any other related purposes.
We will ensure that any contracted third party with whom we share your Personal Information, agrees to keep your information confidential and appropriately secured.
We will not sell or rent your Personal Information to third parties. The only information about users we will ever disclose to third parties is aggregate information as defined above.
Should you wish to engage with us, or make use of our services or offerings, we do require your acceptance of the terms and conditions of this Privacy Statement.
By visiting the website and receiving electronic information or communication by electronic means, you consent to the website’s agreements, notices and disclosures.
When you engage with us through our website, you consent to the processing of your information for the purposes set out below:
This Privacy Statement may be updated from time to time, and the latest version applies each time that you visit our website. We are not responsible for the content or privacy practices of non-Telspace Africa websites to which our website may refer.
We respect your right to object to, or withdraw your consent for the processing of your Personal Information. If you wish to withdraw your consent to process your Personal Information, or if any of your Personal Information is incorrect, inaccurate or incomplete, please notify us.
You can ask us about the Personal Information that we have about you. If you wish to request this information, a specific application must be completed.
For any of the above queries, you can contact us on the following email address: [email protected]. If we are unable to resolve any questions or concerns you may have, you can approach the Information Regulator.
Continuous Red Team (CRT) testing with Advisory Service gives you a holistic overview of your security posture by conducting various assessments covering a wide scope.
This includes internal and external attack and penetration tests, mobile application assessments, wireless network assessments and social engineering. Advisory Services are often paired with CRT testing in order to assist with transferring valuable skills to your Internal Security and IT Audit staff. These assessments are normally conducted over twelve months.
This agreement is perfect for those with smaller IT budgets, or larger corporates that would like to maintain the work that was done as part of a larger vulnerability assessment. You can utilise consulting hours or days as required, in terms of our service portfolio offerings. This option is done on a month-to-month basis and can include the following services as per your individual needs:
The objective of this service is to identify and report on security vulnerabilities on a wide level to allow you to close the issues, thus raising the level of your security protection overall.
This test is conducted by allowing us complete access to information about the target that would otherwise be unavailable to external intruders, such as targets locations, various network diagrams, and source code. This assessment best simulates an internal attacker/threat could do with information about your systems. A typical engagement includes a standard network topology.
Here we simulate an intruder's view of the target, only information that can be acquired by an actual attacker is used to conduct the test. For example, we only know about your company and what you do no additional information is provided. Blind tests are good assessments but do not take into account insider threat.
This can be considered a variation between a full disclosure and a blind test. Specific information might be disclosed about target(s), but not to the same extent as a full disclosure test. This is often the choice if you require a happy medium.
Our manual web application assessments identify and report on security issues related to online web applications.
Our assessments make use of hands on methods (not tools) and typically we assign one or two security analysts to new engagements.
When a white box assessment is chosen, we review each line of code in a specific web application for various security issues and bugs. This is a tedious task but is often necessary to solve any bugs that would not usually be found when utilising the black box method. The white box assessment usually takes a longer period of time than the black box method, however it is usually more extensive and produces better results.
A more popular method of testing websites is the black box web application assessment. When you choose this option, we do not have access to source code or any information that assists us in finding out exactly how that web application is coded.
Essentially, we do not have access to the way the web application is put together and coded.
This is a more effective attackers view of the web application and is a shorter test in general.
We alway recommend a web application assessment prior to the actual release of the web application. This will allow the client to close serious issues pre-production - it is always better to be proactive about security, as opposed to reactive.
The mobile application assessment services are in many ways similar to our web application assessment services, they are often built on existing web-based components, therefore mobile applications are also susceptible to similar security vulnerabilities.
Our mobile application assessments are a manual, hands on assessment which can be conducted for applications running on operating systems such as iOS, Android, Blackberry OS & Windows Mobile.
We will provide your organisation with insight into how well your applications protect sensitive information. This would include various forms of penetration testing attacks, business logic attacks and identifying vulnerabilities that can be addressed before putting the application into production.
Hire us to mimic your real-world adversaries! Rather us than a real criminal right? Our Red Team assessment is the most realistic and comprehensive assessment that we offer. During these assessments, we find entry points into the organisation by any means possible. Red Team assessments are best if you want to see what techniques real-world adversaries, that aren't constrained by scope, might use.
They are also a great way to test your defenses as only a handful of individuals are aware of the assessment, security teams will be left to react as if it is a real attack.
Why do a Red Team assessment if you already do penetration testing assessments?
When you choose this option the engagement is typically 6 - 12 months. During this time we try various techniques to compromise the organisation e.g. Social Engineering, Web App attacks, access control card cloning, WiFi attacks and many more. Once we achieve our objectives the assessment stops and we come and present the results. This is always an eye-opener for organisations.
This assessment is basically identical to the Traditional Red Team. However it addresses a major concern that clients have and that is that they are vulnerable for the whole duration of the Red Team i.e. 6 to 12 months. Therefore during a CRT engagement, we report back on what we found each month. This allows you to show continuous improvement and ensure that other attackers can't use the same vulnerability to compromise your organisation. CRT goes great with Advisory! This will give you a dedicated consultant each month to run feedback sessions, explain the findings, retest, assist with remediation and transfer skills.
Social Engineering is one of the oldest and best known attack methods i.e. people have been deceiving and manipulating other people for thousands of years. We adapt these traditional techniques for today's world. Social Engineering is a great way to see how aware your organisation is about these techniques and how susceptible they are to them.
Unfortunately, many times people are the weakest link in your security thus this service is a great way to test and educate your users. Some of the techniques we use:
Our daily, weekly or monthly vulnerability assessments are an extremely cost effective way to identify and report on security issues contained in websites, applications, software and/or devices that could potentially be subject to exploitation.
This will allow you to close issues pre-production. It is always better to be proactive about security, as opposed to reactive. Download our Managed Vulnerability Service (MVS) brochure here.
MVS uses a number of well known and private tools to provide you with a list of vulnerabilities and security weaknesses found across your network perimeter or internally. MVS scans for the following types of issues: