It is our understanding that you require web application security testing services on a recently developed website.
We bring to the table almost 11 years of application and security testing experience. We have worked with several major corporations - financial, retail, healthcare and start-ups. So we can cater our solution to your needs.
We have developed project deliverables and training content for several large corporate clients and businesses. We can provide sanitized sample presentations and Word reports before the engagement.
The steps of the engagement will be:
1) Planning and scope discussion: Discussing the target audience, requirements for videos and presentations, specific templates etc.
2) Framework design for the final presentation.
3) Build presentation and provide status updates.
4) Review final presentation and make changes as necessary.
We have hands-on experience with application and network security, including tools like Nessus, Nmap, application proxies, open source and commercial application and network scanners, Metasploit etc., as well as manual assessment techniques. We have executed all these tools and processes, and we have presented in training and board presentations detailing how these security assessment processes work.
Experience with manual testing of the application includes:
* Cross-Site Scripting (XSS)
* Injection Flaws
* Malicious File Execution
* Insecure Direct Object Reference
* Cross-Site Request Forgery (CSRF)
* Information Leakage and Improper Error Handling
* Broken Authentication and Session Management
* Insecure Cryptographic Storage
* Insecure Communications
* Failure to Restrict URL Access
* Standard Security Vulnerability Testing
* Authentication Mechanisms
* Session Management and Cookie Poisoning
* Examination of Client-side Code
* Input Validation and Buffer Overflow
* Hidden Field Manipulation
* Forceful Browsing
* Permission Escalation
Experience with network security testing includes:
* Unpatched Systems
* Susceptibility to Brute Force Attacks
* Common or Default Passwords
* Insecure TFTP and FTP Implementations
* NetBIOS / SMB Vulnerabilities
* RPC Service Vulnerabilities
* Network and Protocol Spoofing
* Source Routed Rlogin, Rsh and Telnet
* IP Forwarding
* DNS Vulnerabilities
* Other Insecure Configurations
For any questions, contact us and we can discuss and design a solution specifically for you.