Yacouba N.

Vulnerability analysis, API and access security, data protection, identity and authentication management, application environment hardening, security best practices.

I analyze backend applications, APIs, and SaaS platforms to identify security vulnerabilities and associated risks. I support teams in implementing concrete and tailored recommendations to strengthen security while preserving performance and usability. I rely on current standards and best practices in application cybersecurity. In addition, my expertise in systems, infrastructure, networks, and cloud computing allows me to have a comprehensive and coherent view of security.

Expertise

(01)
App & SaaS Security Audit – Cybersecurity Back-End & Cloud Expert

French

Pack 1 - API & Auth Security Audit

5h
630

Secure authentication, access rights, and endpoints (where the most leaks occur):

  • Review authN/authZ (JWT/OAuth, roles, scopes, permissions)
  • OWASP API Top 10 checks (IDOR, injection, rate limit, errors, CORS…)
  • Exposure verification (documentation, overlooked endpoints, environments, versions)
  • Prioritized remediation plan + hardening recommendations (gateway/WAF, throttling, headers, logs)

Pack 2 - Hardening Exposed Servers & Services

12h
1512

Reduce the attack surface of accessible servers and services (internet/VPN/inter-site):

  • Review ports/services + firewall rules + network segmentation
  • OS hardening (Linux/Windows): accounts, permissions, admin MFA, RDP/SSH, policies, patching
  • Service hardening (reverse proxy, web server, database, bastion host, admin access)

Pack 3 - Express Application Security Audit

5h
630

Detect major application-side risks (auth, sessions, data, endpoints):

  • Review of data flows: login, roles, permissions, sessions
  • Web security controls: OWASP Top 10 (injection, XSS, CSRF, IDOR, etc.)
  • Verification of errors, logs, headers, CORS, uploads, and sensitive data handling
  • Top 10 probable vulnerabilities and remediation priorities

Pack 4 - Application Observability & Detection

4h
504

Quickly detect attacks and obtain evidence (without unnecessary logs):

  • Define security events to log + format (correlation)
  • Alerting recommendations (thresholds/rate) + monitoring integration
  • Action-oriented "Incident-ready" plan

Special Pack - Application Security & Microsoft 365 Subscription

15h
1890

Coverage of all types of applications, including M365 and business applications, with governance, clear decision-making, and a remediation backlog tracked monthly:

  • Mapping and inventory of applications, flows, and sensitive data
  • Monthly express audit: access, authentication, permissions, exposure, and critical configurations
  • Prioritized action plan
  • Harnessing and guidance: MFA/SSO, WAF/API Gateway, secrets, logs/alerts, and OWASP best practices
  • M365 security: Entra ID, Exchange, SharePoint/OneDrive, and Teams (external sharing, admins, and rules)
  • Ready-to-execute remediation backlog (clear tickets and tracking)
  • Monthly security committee meetings, support, and guidance in case of incidents
The best talent to advise you

Why BOHA-GROUP ADVISORY

(05)

Why trust us

Expertise grounded in field experience
Direct and honest approach
Senior time, with no intermediary
Proven, results-oriented solutions
Time savings, clarity, and peace of mind
Backed by the BOHA-Group ecosystem (apps, products, ventures)
We advise the way we build businesses:
with pragmatism, responsibility, and high standards.