Security vulnerability assessments, penetration tests, code reviews, red team tests and controls studies of networks, web-applications, mobile-apps, system environments, personnel and products.
Our programs are delivered from 2 primary perspectives:
1. The perspective of a malicious outsider without credentials or any intimate knowledge about the targets being tested; and
2. The perspective of a trusted insider with authorized access.
SDL security programs designed to test the security posture of web-applications, mobile-apps, their supporting infrastructures, backend systems, and the policies and controls in place to secure them.
Testing is delivered without credentials to measure the application's susceptibility to compromise by an unauthorized outsider, and also from the perspective of an authorized user with credentials, which allows us to test the security of the application from the inside out. Testing may be delivered against live production applications or pre-production QA applications.
Our firm also provides comprehensive secure code reviews which typically include a combination of expert manual analysis and automated analysis powered by the latest static and dynamic secure code assessment utilities.
Finally, our training solutions include role-specific curriculums that address secure coding for application development personnel.
Social engineering studies of client personnel to determine the security posture relating to security awareness as well as the organization’s overall resiliency to cyber-exploitation via social engineering attacks.