Security validation services (penetration testing)
Applications, infrastructures, process, and user behaviours
Are you developing or integrating new business applications and wanting to make sure they are secure? Do you want to ensure that the investments you have made and the security measures you have implemented over the past few years have been effective? Do you want to find out whether your awareness program has been successful?
Validity of web application code
Before launching a Web application, do you want to ensure that it won’t introduce any significant vulnerabilities and that it meets your security requirements?
Our team of experts validates the code and detects any vulnerabilities. Conducted using OWASP methodology, our analysis combines manual and automated testing.
Our tests target both Web services (parameter handling, SQL injection, XSS, XSRF, authentication bypass, session hacking) and logic errors (programming errors and session integrity).
Target architectures
• 2.0 Web Service/SOAP, JavaScript, Ajax technologies
• PHP, ASP, .NET, JSP, Servlet, CGI web applications
• Apache, IIS, Tomcat, Coyote servers
• MySQL, MSSQL, Oracle, Sybase databases
Comprehensive validation
Do your security measures adequately protect sensitive data and critical systems? What could be better for your peace of mind than testing the security measures you have in place?
Once we have completed our tests, you will receive a comprehensive report including a management summary, the detailed test results, and our recommendations for fixes and improvements.
The tests may cover up to several hundred systems (internal and external computer services).
Target systems, infrastructure, applications and processes:
• Web Applications
• Messaging Service
• Operating Systems
• Communication Systems
• Databases
Validation of behaviour
Are your employees applying what they learned during your awareness campaign? Under the pressure of social engineering, they may have data extorted from them, allowing third parties to bypass security features. Our behaviour validation service measures the adoption of secure behaviours by your users.
After our assessment, you will receive a report that will measure the impact of your awareness activities to date, or provide evidence to justify allocating a budget to launch an awareness program.
Employee behaviours validated:
• Phishing
• Web communication
• Telephone contact
• Direct contact
• Shredding important documents
Why validation services?
• To validate the security of newly developed and integrated business applications
• To measure the results of security investments and the effectiveness of the measures implemented
• To measure the benefits of an awareness program or assess the need to set one up
• To comply with the requirements of standards such as PCI DSS
Benefits of our validation services
• Assessment of technology, processes and behaviours
• Independence guarantees the objectivity, integrity, comprehensiveness and rigour of the tests
• Recommendations providing strategies for improving the effectiveness of security measures
• Tests incorporating globally recognized practices such as OWASP and OSSTMM
Did you know…
• 80% of organizations will experience an application security incident by 2010. (Source: Gartner)
• 78% of Web applications with vulnerabilities are easily exploitable. (Source: Symantec)
• 91% of sites contain at least one vulnerability. (Source: WhiteHat Security)
Validation services are the result of an alliance between In Fidem and GoSecure