There are several ways that our assessments can provide value to your company.
1. Vendor security reviews – if you have a potential customer who requires an independent security review, we can help you. On the other hand, if you would like to make sure software is secure before deploying it within your company’s infrastructure, we can verify its safety for you.
3. Market readiness – our clients rely on us to make sure they don’t release a new feature that could compromise their users or damage their brand. Before you release new software, engage with us to make sure it’s ready for any threats you’ll encounter.
3. Security education – if you need to make sure your software is safe, engage with us and we’ll not only find your vulnerabilities, we’ll teach you how to avoid them in the future based on your stack and platform.
We bundle automated source code analysis with our application security assessments, but we also offer separate, manual source code review.
Our assessments are rigorous, but they do not just follow a checklist. We look for everything you’d expect to find defined by OWASP, but we also pride ourselves on looking for trickier-to-classify vulnerabilities within the context of your software.
Mobile applications are also increasingly popular, with many successful companies relying entirely on mobile applications for revenues.
Many of the vulnerabilities commonly found in web applications also apply to mobile applications. We offer mobile assessments on iOS and Android platforms. When we conduct assessments, we look for security flaws in authentication, session handling and input handling as we would in web applications; however, we also prioritize vulnerabilities that particularly impact the mobile environment. For example, many mobile applications leave AWS secret keys embedded in file or directory locations that can be easily found. Sometimes sensitive data storage is incorrectly or insufficiently encrypted. Still elsewhere we find authentication models that do not offer proper account protection for users.
During a mobile assessment we explore the application as we would with a web application, but we also decompile it and explore it from the inside out. We look for vulnerabilities in the same way an attacker would with access to the software on a mobile device.
Desktop (or “client”) applications are still the most widely used programs today. Email clients, web browsers, text/document editors and other large desktop software are all extremely valuable targets for security compromise.
If your product is a desktop program, our assessment will find the holes in its security. We work with software produced for Windows, OS X and Linux. An audit from us includes decompilation and static analysis, followed by specialized auditing for memory corruption vulnerabilities, insecure file/system access, insecure logging or improper security controls. We deliver findings using both automated and manual methods, but all methods include extensive manual oversight and attention.
Work With Us!
If you’d like to learn more about how we can help you be more secure, contact us!