Penetration Testing Assessments – Our professionals will work with you to develop a test plan. We provide several application and product security testing options:
Black Box – We perform testing using publicly available information. Threat modeling includes external attackers with no detailed application knowledge. Testing utilizes both automated tools and manual examination. The goal of this testing is to determine what security posture the application or product presents to an uninformed attacker.
White Box – In addition to Black Box automated and manual testing of the application, testing includes reviews of configuration files and security settings. We work with your staff to identify and assess security issues and to develop robust threat models. Administrative interfaces and connections to related components can also be assessed. The goal of this testing is to thoroughly identify weak and vulnerable aspects of an application in a cost-effective way.
Full Spectrum – In addition to White Box testing, we perform a coordinated code review and architecture assessment. This approach permits our security consultants to more efficiently identify security flaws and assess their impact on the components in the application or product architecture. Findings identified by testing and code review are correlated and cross-referenced, facilitating more extensive analysis and recommendations for remediation.
Code Review Assessments – Application security code review services offer line-by-line inspection of the application to identify any security flaws or backdoors left in the application. An application security code review is designed to highlight potential security vulnerabilities within the application based upon a defined application threat model. Our approach to Application Security Code Review typically involves the following steps:
Threat Modeling – A high-level threat model is designed in coordination with the development team, which helps us understand the application's functionality and existing security threats. Risks identified in the threat model tell us which code to look at first and deepest.
Automation – We use automated tools to assess the code for semantic and language security bugs and to optimize the search for vulnerabilities like Cross-Site Scripting (XSS), injection flaws, file canonicalization and other vulnerabilities that require extensive labor.
Manual Validation – Significant issues are validated manually through line-by-line inspection of the application code to find logical errors, insecure use of cryptography, insecure system configurations, and other known issues specific to the platform (e.g. buffer overflows).
Application Security Training – Aliado offers highly interactive courseware targeted toward training and improving secure software development practices across the enterprise. Our courses provide a relevant, topical, and concise training platform to the appropriate personnel based on their role in the software development function.
Within each core track, training is delivered in 90-minute modules, which cover the basic concepts, the best practices, common mistakes seen in the real world, and how to avoid those mistakes to build secure software. Each track provides a means to measure current awareness along with the ability to identify where additional reinforcement is needed to meet the ongoing education needs of the users. Each module also contains learning games, video demonstrations, and multiple quizzes to help students retain information. The training manager can use all the data aggregated from the quizzes to identify group trends and generate insightful reports.
Introductory Tracks
Course 1: Security Awareness Training
Course 2: Introduction to Application Security (covering OWASP, WASC and MS SDL)
Advanced Tracks
Course 3: Security Training for Managers / Architects
Course 4A: Security Training for Developers - .NET
Course 4B: Security Training for Developers - JAVA / J2EE
Course 4C: Security Training for Developers - C/C++
Course 4D: Security Training for Developers - Flash / FLEX
Course 5: Security QA / Testing for Applications
Regulations & Compliance
Course 6: PCI DSS Awareness Training
Course 7: PCI DSS Training for Developer
Course 8: Security Training for HIPAA
For more information, please contact sales@aliadocorp.com or call (214) 299-8640 or (888) 373-0680.