Security Testing
Whether you are concerned about the security of a single application or a diverse system, our security experts work with you to develop an individual plan that meets the needs of your application.
- app verification
- improvement of the state of security
- ongoing DevOps security programs and training
- solutions adapted to your goals and to your budget.
Catalog of Services
01
Risk assessment
- Review of the application architecture
- Review of the program code
- Audit of the database
- Testing of mobile applications
- Evaluation of the WiFi infrastructure and search for fake access points
- Audit of firewall security rules
- Automated scans of infrastructure and application modules
- Audit of the control of SCADA processes
- Evaluation of the security level of IoT solutions and autonomous machines
- Verification of external suppliers
- Cloud solutions (Cloud Services)
02
Verification of compliance with standards
- ISO/IEC 27000-27999 (Information Security Standards)
- PCI DSS (Payment Card Industry Data Security Standard)
- GDPR (General Data Protection Regulation)
- Audit of the SDLC (Secure Software Manufacturing) process
- SOC reports
03
Protection of property and privacy
- Social engineering
- Access control audit
- Control of the CCTV
- Detection and analysis of Trojan and Malware attacks
- Building user awareness
04
Consultations
- Evaluation of security procedures
- Incident reporting mechanisms
- Creation of restore procedures and security copies
SAFETY TESTS
The sample description of tested stages and areas
Risk assessment
Security auditing
Penetration testing
Attitude/policy assessment - Posture assessment
Security scanning
Searching for sensitive points - Vulnerability scanning
WEB
Sample areas covered by WEB application tests
01
Collecting information
- Social engineering techniques
- Detection of the server
- Identification of entry points
- Mapping of the application architecture
02
Management of configuration and installation
- Configuration of the network infrastructure
- Searching for administrative access
- Securing sensitive files
- HTTP methods
- HTTP Strict Transport Security
- RIA cross domain policy
03
Management of identity
- Working out the definition of roles
- The registration process
- The account management policy
04
The authentication process
- Testing the data transmission channel
- The password management mechanism
- Bypassing authentication
- Risk generated by the cache
- Alternate channels of authentication
05
The authorization process
- Directory/path traversal
- Bypassing the authorization mechanism
- Escalation of permissions
06
Management of users' sessions
- Bypassing the session mechanism
- Cookie attributes
- Classified data display
- Logout functionality
- Session timeout
07
Techniques of input validation
- Manipulation of HTTP commands
- Change of parameters
- Injection attacks
08
Error handling
09
Weak cryptographic mechanisms
10
Client-side susceptibility of the code
Models of cooperation
Customer teams
This service is intended for customers who have their own project teams. We can quickly provide you with the missing competences.
Teams at the B2Bnetwork headquarters
We can use our own hardware and software. We implement a system that lets you carry out monitoring continuously.
Models of accounting
Fixed-Price
The scope of the project, the requirements, the delivery time and the price are determined in advance.
Time & Material
The budget of the project depends on the work that needs to be carried out.
Time & Material with a limit
We determine the scope of activities with a limit on the budget and the delivery time.