
APPLICATION SECURITY

APPLICATION PENETRATION TESTING

Stach & Liu's application penetration testing service rapidly identifies vulnerabilities and allows organizations to address risks introduced by insecure applications.

Overview

Stach & Liu's application penetration testing service identifies security vulnerabilities by simulating a real-world attack against your application. Results from the testing are delivered during project presentations and detailed within the security assessment report.

TESTING APPROACH

Vulnerability Scanning Verification

Approach

Our application penetration testing methodology combines the speed of dynamic application testing with the thoroughness of a manual review. Vulnerability scanners are used to build a profile of the attack surface and to perform dynamic, black-box scanning. The output of the automated scanners is then combined with a manual review to verify the identified issues. Finally, the team explores additional attack vectors and exploits the validated vulnerabilities to simulate a real-world attack.

Benefits

The benefits of application penetration testing include the rapid identification of vulnerabilities that could also be discovered and exploited by external attackers. This testing is performed without source code access and augmented by our expert-guided penetration testing and validation process, which allows us to eliminate all false positives from the results. All findings are articulated in a comprehensive security assessment report consisting of an executive summary and technical findings section that contains vulnerability descriptions, exploit walkthroughs, business impact, and detailed remediation guidance.

Manual Penetration Testing

Our application penetration testing methodology utilizes both commercial and open-source application scanning tools in combination with manual penetration testing and validation. Our expert-guided approach maximizes testing effectiveness while simultaneously eliminating false positives.

DELIVERABLES

· Assessment Report
· Remediation Guidance
· Project Out Briefs
· Status Updates
· Letter of Assessment*

*Optional

1. Information Gathering
2. Kickoff Meeting
3. Application Discovery
4. Vulnerability Scanning
5. Manual Validation
6. Penetration Testing
7. Risk Analysis
8. Out Brief
9. Reporting
10. Regression Testing

ADDITIONAL SERVICES

· Remediation Verification Testing
· Secure Web Application Development Training
· SDL Program Maturity Analysis
· SDL Program Design and Implementation

CONTACT US

Stach & Liu, LLC
4600 E. Washington Street, Suite 300
Phoenix, AZ 85034
480 621 8967
[email protected]
www.stachliu.com

Atlanta | Los Angeles | Phoenix (HQ) | San Francisco | Seattle | Tokyo
