1-888-373-0680

IT Security. Risk Management. Business Intelligence.
Our Foundation, Your Advantage.


Application Security Penetration Testing

In the race to develop online services, networked hosts and underlying applications have often been deployed with minimal attention to security risks. The result is that most corporate sites are surprisingly vulnerable to hacking or industrial espionage. To test this, Ethical Hacking (sometimes referred to as Penetration Testing) is performed in conjunction with vulnerability scanning. Our team of ethical hackers can perform an in-depth analysis of the potential high-risk vulnerabilities identified, with the primary objective of gaining access to sensitive data assets within the organization's environment as a practical demonstration of what a malicious individual could accomplish.

Many vulnerabilities, when viewed independently, do not pose a great risk to the organization. When these weaknesses are combined and placed in the hands of a skilled attacker, the result is often a breach. Understanding and resolving configuration and security issues helps prevent the organization from experiencing, and having to disclose, a real attack in the future.

Each of our assessments rates common application security controls against industry best practices, identifying both short-term tactical fixes and long-term strategic initiatives to improve the overall security posture of the system.

Our professionals will work with you to develop a test plan. We provide several application and product security testing options:

Black Box – We perform testing using publicly available information. Threat modeling includes external attackers with no detailed application knowledge. Testing utilizes both automated tools and manual examination. The goal of this testing is to determine what security posture the application or product presents to an uninformed attacker.

White Box – In addition to Black Box automated and manual testing of the application, testing includes reviews of configuration files and security settings. We work with your staff to identify and assess security issues and to develop robust threat models. Administrative interfaces and connections to related components can also be assessed. The goal of this testing is to thoroughly identify weak and vulnerable aspects of an application in a cost-effective way.

Full Spectrum – In addition to White Box testing, we perform a coordinated code review and architecture assessment. This approach permits our security consultants to more efficiently identify security flaws and assess their impact on the components in the application or product architecture. Findings identified by testing and code review are correlated and cross-referenced, facilitating more extensive analysis and recommendations for remediation.

Using manual techniques and a set of automated tools, the assessment pinpoints specific vulnerabilities and identifies underlying problems. The analysis integrates detailed vulnerability and countermeasure information for:

  • Authentication 
  • Authorization
  • Session Management
  • Data Integrity
  • Data Confidentiality
  • Privacy Concerns

What You Can Expect

  • Security Pros with development/engineering background
  • Proven Methodology
  • Business minded approach
  • Excellent Reporting
  • Review and explanation of all discovered findings
  • Realistic recommendations for remediation
  • Reduced risk

 

Ethical Hacking White Paper

Download: Ethical Hacking White Paper.pdf (429Kb.)
© 2010 Aliado Accesso LLC