
With our highly trained penetration testing team with CISSP, OSCP, ECSA, LPT(Master), CEH, CISA, CISM certifications & more, we provide multiple layers of external and internal penetration testing services:
Application Security Testing
Our wholly-owned company, ValueMentor, is an expert web application security assessment company committed to helping you identify vulnerabilities in your web applications and assisting you in creating safe and secure applications.
Their comprehensive approach includes:
- Application Security Profiling where our security analysts scrutinize the application’s workflows, business logic, and functionalities, search for all potential public information specific to that web application, and then provide you with valuable recommendations from a hacker’s point of view.
- Threat Profiling where our security testing team develops a custom threat profile for the application under testing, based on the application analysis. These models help the security analysts identify vulnerabilities and their exploitation vectors. The threat models are then discussed with the clients for any feedback.
- Security Assessment & Attack Simulation Services where our security team prepares test cases based on the threat profiles and performs them using automated and manual methods. Our security testing covers OWASP, SANS, WASC & PCI security assessment requirements: a comprehensive list of vulnerabilities is identified and validated, and false positives are eliminated to create an actionable list of findings.
- Reports in which our Security Analysts rank the security vulnerabilities based on the universal vulnerability rating and a unique risk rating in relation to the client’s environment. Our security solutions team then outlines remedial actions to be performed, giving a quick solution for the client to remediate the security risk. Detailed reports are also provided to the technical team and a summary report is provided to executive management.
- Re-testing of the reported vulnerabilities is performed to validate that the application is secure, validate closure of vulnerabilities, and confirm all identified vulnerabilities are brought down to acceptable risk levels.
Mobile App Security Testing
Our team accurately and efficiently discovers vulnerabilities. We provide a detailed security analysis of your phone or tablet-based app and combine various tests to determine if any other issues exist. There are 4 phases we follow in order to identify and remediate vulnerabilities:
Phase 1, Application Mapping. During the first phase of the Mobile Application Security Assessment, we map the application for each type of the Operating System architecture. This will provide a detailed understanding of the application and the data flow within the application as well as to the server.
Phase 2, Client-Side Attacks. The focus of this stage is testing to understand any weaknesses on the client’s side. This includes the analysis of temporary storage, sensitive information and client-side encryption. We do this through binary analysis & identification of insecure APIs, file system analysis for the identification of sensitive files & weak encryption implementation, and memory & process analysis.
Phase 3, Network Attacks. During this stage, the communication channel between the client and the server is reviewed and attacked, and sensitive plain text traffic is retrieved by analyzing installation traffic and run time traffic.
Phase 4, Server-side Attacks. In this final stage, the server-side application is tested to find out how it responds to various malicious requests. TCP attacks are performed to identify vulnerabilities such as Buffer Overflows, and HTTP attacks are performed to identify application vulnerabilities such as XSS, SQL injection and other OWASP listed vulnerabilities.
Network Penetration Testing
Why is Network Penetration Testing important? Today, the IT infrastructure is more complex. Internal networks provide access to legitimate users over the internet, which increases the attack surface, requiring infrastructures to be assessed regularly for security threats. Plus, Network Penetration Testing helps you avoid network downtime and helps you to comply with audit regulatory standards like PCI DSS, HIPAA and GLBA.
Through our Network Penetration Testing Services, we enable IT departments to validate existing security controls and meet security compliance requirements, while allowing managers to better prioritize investments for remediation efforts. From our reports, organizations are able to evaluate the susceptibility of information systems to network attacks. We identify and actually exploit the weaknesses found in networks, hosts, and devices to help your organization identify the real level of risk posed by specific vulnerabilities.
We carry out these attacks by conducting External Penetration Testing, which is performed over the internet, bypassing the firewall. Through this test, we show what a hacker can see in the network and exploit the vulnerabilities seen over the internet. We also perform Internal Penetration Testing by connecting to the internal Local Area Network to reveal any risks from within your organization’s network.
Three types of Network Penetration Testing:
Black Box Penetration Testing – This testing is carried out with zero knowledge about the network. The tester uses penetration testing tools, social engineering techniques and publicly available information to gain knowledge.
White Box Penetration Testing – This test is considered complete knowledge testing. Testers are given full information about the target network, like the host IP address, domains owned, applications used, network diagrams, and security defenses like IPS or IDS in the network.
Gray Box Penetration Testing – This test is designed to simulate an internal employee. The tester is given an account on the internal network and assesses potential threats from inside the organization.
Wireless Security Assessment Service
A wireless network offers a convenient way for your employees and partners to connect to the network. However, an insecure wireless network will enable an attacker to easily access your networks.
Once an attacker has internal wireless access, they are often “behind” corporate perimeter firewalls with nothing to stand between them and your internal network resources such as databases, Active Directory servers, etc. And wireless coverage often extends far past physical building walls into adjacent parking lots and other public areas, allowing would-be attackers to gain wired-equivalent network access without necessarily being onsite.
With our Wireless Security Assessment Services, we will validate your wireless security controls, letting you know to what degree your wireless networks are susceptible to attack. Along with any findings, you will be provided with technical, process, and people-oriented remediation advice.
Mobile Application Security & Risk Analysis
Mobile applications are increasing in numbers every day. Today, more mobile phones and tablets access web applications than PCs. This increase in mobile applications means there are more application vulnerabilities, resulting in added security incidents such as customer privacy violations and/or data loss.
To prevent this, we utilize the OWASP Mobile Security Methodology to conduct a detailed security analysis of your mobile applications. Our automated and manual testing methods detect vulnerabilities and issues in your mobile application, and test both the client application and the server side.
Application Security Assessments
Web Applications play a key role in business today. They connect organizations with their customers, partners and suppliers and to their most critical information assets. This makes web applications the most attractive target for hackers. Statistics show that weak web applications are responsible for a majority of the reported security breaches.
Our Application Security Assessment Service provides you with the information required to ensure the security of your web applications and critical information. We review all types of web servers, ranging from WordPress sites to online banking environments to control systems for critical national infrastructures. We’ll help you improve data and network security by identifying any vulnerabilities which could affect the ability to protect the information owned and operated by your organization and recommend the improvement opportunities to ensure the confidentiality, integrity and availability of your information assets.
Utilizing OWASP guidelines, our security analysts exploit Web Application vulnerabilities by penetrating in a controlled, non-destructive manner. We go beyond the OWASP Top 10 Vulnerabilities in our testing to include activities such as Password attacks, Application level DoS attacks, and Application client tests such as browser vulnerabilities and application impact.
We’ll provide you with an actionable report which depicts the current state of your applications and outlines recommendations for fixing the security issues identified which have been rated on a scale of High, Medium or Low.
Contact a Security Expert today and validate your security posture. security@ampcus.com