Audit the Perimeter: Validate that Routers, Switches, Firewalls and third party software are configured in the right way.
Audit Web Applications: Validate controls using advanced techniques and testing methods.
Audit Windows and Active Directory: Audit the management process of Windows systems and active directory, in addition to checking replication, policies and other controls (Physical, Availability, Network, Application, Change, Patching, Vulnerability, Access, Permissions/Privileges, Logging, and Monitoring).
Audit Unix/Linux Systems: Validate that secure configuration is created.
Audit the cloud: Check contractual requirements with the provider and conduct technical testing of your deployments (PaaS, IaaS, SaaS).
Audit Databases: Run audit scripts on existing databases and check existing controls (Physical, Architectural, Inventory, Change, Patch Management, Vulnerabilities, Operating system, Network, and Application). Also we check Listener security, Authentication process and methods, User Accounts, Roles, Passwords, Links, Privileges, Triggers, and Parameters.
Audit Critical Controls: We also audit other critical controls (www.sans.org) that is not specific to any of the above audits.