iSEC Partners -

Application and Product Penetration Testing

sarva — Fri, 28 Jul 2006 20:26:00 -0700

Identification of security weaknesses through penetration testing with or without code review
Demonstration of weaknesses as needed to validate findings
Simplified architecture review and threat modeling
Characterization of the impact of a successful attack
Recommend solutions for addressing weaknesses
The application, protocol, or implementation's security posture is reported
Upon request, a public facing document explaining the test methodology and results can be provided

sarva — Thu, 27 Jul 2006 22:15:19 -0700

Conduct a review of a system's design
Identify security implications of the design
Perform threat modeling
Perform a gap analysis between the design and industry best practices
Enumerate conflicts between business requirements and security considerations so informed trade offs are made
Recommend solutions for addressing security weaknesses
Can be conducted prior to implementation, or once in production

sarva — Fri, 28 Jul 2006 00:44:08 -0700

Examine sensitive areas of software code
Identify security flaws including: race conditions, overflows, character set conversion problems, logical errors, bad assumptions, key management flaws, and cryptographic mistakes
Recommend specific fixes and general coding practice improvements appropriate to the Client's environment
Lead groups of developer through code review exercises to enhance the Client's ability to audit code
Upon request, a public facing document explaining the test methodology and results can be provided