Openbyte
Get in Touch →

info@openbyte.co.za
0860 222 111

STABLE • OPEN SOURCE • ICT SOLUTIONS

Security Assessment &
IT Security Policies

Identify infrastructure vulnerabilities and implement policies to stay protected and audit-ready.

Assessment Types

Network security

  • Port scanning & service enumeration
  • Protocol & firewall rule analysis
  • Network segmentation validation
  • Wireless network security

Application security

  • Web application & API testing
  • Database security review
  • Input validation & auth testing
  • Session management analysis

System security

  • OS hardening review
  • Patch management audit
  • Access & password policy review
  • Backup & encryption checks

How the Assessment Works

A structured five-step process from initial scoping through to remediation verification — so nothing falls through the gaps.

1

Scoping

We define the boundaries — systems, networks, and applications in scope — and agree on objectives and timelines.

2

Scanning

Our open-source toolkit is deployed across your environment to identify vulnerabilities, misconfigurations, and exposed services.

3

Analysis

Findings are reviewed, de-duplicated, and risk-rated. False positives are filtered out before reporting.

4

Reporting

You receive a full report — executive summary, technical findings, risk ratings, and prioritised remediation steps.

5

Remediation

We assist with patching, hardening, and configuration fixes, and can re-scan to verify issues are resolved.

Our Scanning Toolkit

We use a layered, open-source scanning toolkit rather than a single proprietary product. Each tool targets a different layer of your infrastructure — from container images and application dependencies to network services, web applications, and operating system configurations. Together they provide a comprehensive, cross-stack view of your exposure with full transparency into how findings are generated. After assessment, we commonly pair results with server hardening, Wazuh SIEM deployment for ongoing detection, and POPIA compliance guidance — serving businesses in Johannesburg, Cape Town, and across South Africa.

Trivy & Grype

Container & dependency scanning

Complementary scanners for container images, filesystems, Git repos, and software dependencies. Flag IaC misconfigurations and exposed secrets. Grype adds deep software composition analysis and CI/CD pipeline integration.

Metasploit Framework

Penetration testing

The industry-standard penetration testing framework. Used to safely validate and exploit discovered vulnerabilities, confirming real-world risk rather than relying on scanner findings alone.

Burp Suite

Web app security testing

The de facto standard toolkit for web application security testing. Intercepts and analyses HTTP/HTTPS traffic, and tests for authentication flaws, injection vulnerabilities, and broken access controls.

OpenVAS / Greenbone

Network & host scanning

Full-featured network vulnerability scanner with a database of 70,000+ CVE checks across hosts, services, and configurations.

Nuclei

Template-based scanning

Fast, template-driven scanner with a community library of 9,000+ checks covering CVEs, misconfigurations, exposed panels, default credentials, and web vulnerabilities across any protocol.

Nmap / NSE

Network discovery

Port scanning, OS fingerprinting, and service version detection. The script engine enables automated vulnerability probing across the network.

Nikto

Web server scanning

Scans web servers for dangerous files, outdated software, misconfigurations, and over 6,700 known vulnerabilities.

OWASP ZAP

Web application testing

Active and passive scanning for OWASP Top 10 vulnerabilities in web applications and APIs, with an automation-friendly headless mode.

Wazuh

Security monitoring & SIEM

Open-source security platform providing real-time threat detection, file integrity monitoring, intrusion detection, and compliance monitoring for PCI DSS, HIPAA, and GDPR.

Lynis

OS hardening audit

System-level auditing for Linux and Unix hosts. Checks hardening posture, file permissions, authentication settings, and kernel parameters.

Chkrootkit / rkhunter

Rootkit detection

Scans running systems for known rootkits, backdoors, and signs of compromise — an important layer for post-incident and routine audits.

Wapiti

Web app black-box scan

Black-box web application scanner that tests for SQL injection, XSS, CSRF, XXE, and command injection without requiring access to source code.

Pricing

R1,250
Per Server — Basic Vulnerability Scan

Custom assessment packages, volume discounts, and continuous monitoring solutions available. Contact us for a quote tailored to your environment.

Get a Quote →

Frequently Asked Questions

Most assessments are completed within 3–5 business days, depending on the size and complexity of your environment. Larger infrastructure or multi-site engagements may take longer — we'll give you a clear timeline during scoping.
Yes. We work with businesses of all sizes across South Africa — from single-server setups to multi-site enterprise environments. Our pricing is structured per server so you only pay for what's in scope.
No. Assessments are conducted non-intrusively and are designed to run alongside normal operations. We coordinate with you on timing to minimise any potential impact.
Yes. We assess cloud environments including AWS, Azure, and self-hosted cloud platforms. This includes cloud configuration reviews, container security, and Kubernetes cluster assessments.
We recommend at least once a year as a baseline, or after any major infrastructure change such as a cloud migration, new application deployment, or merger. Continuous monitoring solutions like Wazuh can fill the gap between point-in-time assessments.
Yes. We are based in South Africa and can conduct on-site assessments where required. Remote assessments are also available for clients across the country and beyond.
Yes. Our assessments and policy audits are aligned with common compliance frameworks including POPIA, PCI DSS, ISO 27001, and GDPR. Reports are structured to support audit processes and internal governance reviews.

IT Security Policies & Audits

A technical assessment tells you where the gaps are — a comprehensive policy framework ensures they stay closed. We develop and audit complete IT security policy suites for your entire infrastructure, giving you documented, enforceable standards that satisfy internal governance requirements and external compliance audits alike.

Our policy engagements cover the full spectrum of operational, technical, and organisational controls, including:

More Questions About Security Assessments

Additional questions from South African businesses about our security assessment and policy services.

What is included in a security assessment for a South African business?
Our security assessments cover network scanning, web application testing, OS hardening review, container and dependency scanning, and access control audits. You receive a full report with risk-rated findings, executive summary, and prioritised remediation steps — tailored to your environment in Johannesburg, Cape Town, or anywhere in South Africa.
Do you assist with POPIA compliance as part of a security assessment?
Yes. Our assessments and POPIA compliance policy work go hand in hand. We identify gaps in data handling, access controls, and audit logging that are relevant to POPIA obligations, and provide remediation guidance to help your business meet its compliance requirements.
What happens after the security assessment is complete?
After assessment, we assist with remediation — including server hardening, patch management, firewall rule changes, and configuration fixes. We can also deploy Wazuh SIEM for continuous threat monitoring so your environment stays protected between point-in-time assessments.
Can you assess both on-premise and cloud infrastructure?
Yes. We assess on-premise Linux and Windows servers, cloud environments (AWS, GCP, Azure), containerised workloads, and hybrid setups. Whether your infrastructure is in a Johannesburg data centre or a cloud region, we can scope and conduct the assessment remotely or on-site.
How is your security assessment priced?
Basic vulnerability scanning starts at R1,250 per server. Custom assessment packages covering multiple servers, web applications, and cloud environments are quoted based on scope. Contact us for a tailored quote for your South African business.
Linux Docker GCP Ubuntu Nextcloud Wazuh BareOS Zabbix Linux Docker GCP Ubuntu Nextcloud Wazuh BareOS Zabbix