Software projects are often plagued with looming deadlines and unfinished functionality with little time, or expertise, to focus on security issues. We can assess your security and risk without the conflicting priorities that development teams face, ensuring that your application is measured against industry best practice rather than functionality that 'just works' or 'passes unit tests'.
We conduct both penetration testing - whereby we simulate attacks on your application - and source code evaluation via state-of-the-art scanning technology. We provide a security evaluation report which categorises issues for remediation and risk decision making.
Our methods of penetration testing
To identify security vulnerabilities within applications, our consultants use various methods to emulate attackers of varying degrees of skill, motivation, knowledge of the application and resources. These include
Where practical time constraints, cost and resources limit full testing, we tailor tests to focus on specific areas or vectors subject to attack. Alternatively, we can deliver real-time penetration testing results if you need information as soon as it becomes available.
Our source code evaluation services: manual and Fortify Assisted
Application source code evaluation offers the most rigorous means of assessing an application, providing the highest level of security assurance for possible vulnerabilities.
We offer two methods of source code evaluation, either separately to, or in conjunction with, penetration testing: