Get a complete analysis of your business’ software by a trusted security engineer — before it goes live.
The software you’re using should be tested against your security standards.
How We Help
One of our top application security engineers will evaluate your application’s internal structures and inner workings to identify flaws that could allow attackers to gain access to your critical assets. Using techniques such as control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage, we examine the hard-to-copy (and often overlooked) error conditions that could be abused by skillful attackers. On top of that, we can pinpoint the exact line of code where the flaw occurs and provide very specific remediation recommendations.
Flaws we look for include:
- Cross-site scripting (XSS): XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping.
- Injection: Injection occurs when untrusted data is sent to an interpreter as part of a command or query.
- Identity and access management: The process where users are identified and requests for access to particular resources are granted or denied.
- Session management: A web session is a sequence of network HTTP request and response transactions associated with the same user.
- Account management: Authentication and account management are directly related to identity verification.
- Directory traversal: Directory traversal, also known as path traversal, aims to access files and directories that are stored outside the web root folder.
Nothing Gets By Us
Our methodology combines manual code review, proprietary application security directives (ASDs), and the use of proprietary and commercial tools to create a consistent and repeatable process. Our review covers a broad range of common weaknesses that go beyond the popular taxonomies such as the OWASP Top 10 and SANS/CWE Top 25.
Cyber as an Enterprise Risk
Your enterprise risk is always top-of-mind. We know you’re in a balancing act between implementing growth strategies and mitigating risk. While we are specialists in assessing, testing and remediating risk associated with software, we approach cyber as more than a technology risk.
Start a review, call +1.212.981.6540.