The right combination of services for your business
Application Security Reviews
Typically the first plan of action for determining vulnerabilities, this service offers a detailed security analysis of an application, its supporting infrastructure, and its security development lifecycle. It is designed to help establish a solid application security foundation and baseline, and to build and maintain secure applications.
What we evaluate:
- Security-relevant people, processes and procedures
- Application infrastructure
- Application source code
- Application functions
Application Vulnerability Assessment
We analyze your applications - including your web and externally accessible applications.
The assessment includes:
- Input validation
- Access controls
- Forceful browsing
- Cookie manipulation
- Session management
- Encryption
- Password policies
- Information disclosure
- Known vendor vulnerabilities
- Code reviews (if applicable)
Network Vulnerability Assessments
We provide 5 distinct Network Vulnerability Assessments:
- Internal
- External
- Dial-Up
- Wireless
- Discovery
After the initial information-gathering phase, we test all identified assets and provide a list of potential vulnerabilities and risks. We then validate the list to verify that the vulnerabilities are real, and recommend how to remediate issues based on which can have the most impact on your organization.
Penetration Testing
Here, we test your systems to determine if vulnerabilities are present and if your systems might be attacked by known exploits, automated malcode threats or malicious internet users.
As part of your penetration testing service, we will:
- Verify which systems on your network are active and what services are running
- Identify potential security vulnerabilities and provide remediation advice
- Rate vulnerabilities by severity to help you prioritize mitigation efforts
The penetration test includes both manual and automated tests:
- Port scanning and banner capture to identify services available on hosts
- Vulnerability assessment of identified services
- Firewall checks pertinent to the type and release of firewalls employed by the business
- Password authentication tests
- Network protocol-based tests
- Protocol spoofing checks
- Network device checks
- DNS checks
- Mail relay checks
VoIP Assessment
Evaluates your VoIP infrastructure security posture from architectural and technical perspectives, offering a comprehensive approach to identify, assess and mitigate potential threats to VoIP systems.
The VoIP Assessment targets a wide range of potential security threats inherent in traditional voice and IP-based data networks including fraud, privacy, denial of service and viruses on premise-based and hosted VoIP systems. The analysis consists of a four-part evaluation:
- VoIP Architecture Review
- Network and Device Penetration Testing and Risk Assessment
- Evaluation of Standards, Policies and Procedures
- Discussion of Findings and Action Plan
Wireless Assessment
Our wireless security assessment is modular and can be adapted to meet your risk profile and budgetary requirements. Some of the key areas covered by our offering are:
- Discovery of all wireless access points and clients
- Validation of wireless network perimeter
- Vulnerability and penetration testing of access points
- Configuration review of access points and wireless clients
Hardware used for assessment includes:
- Laptops
- PDAs (Palm, iPaq)
- RF amplifiers
- PCMCIA wireless network cards
- Omni-directional/directional antennas
Software used for assessment includes:
- Nmap
- Ethereal
- Firewalk
- Hping
- Kismet
- AirSnort
- Proprietary scripts