Application Security

Even the best application developers make mistakes, some of which silently affect security. Without a focused application audit, these flaws may lie undetected for months or even years. This gives talented attackers time to find and exploit them to steal customer information or corporate secrets, or to gain internal network access. An application audit provides a valuable outside perspective on how well the application manages these risks.

Positron Security's auditing professionals have extensive programming experience and are well-versed in identifying code-level flaws and faulty application behavior. Our application security audits highlight deficiencies not only in the application itself, but also in the development processes used, as well as gaps in the developers' security knowledge. Two types of application security audits are available:

Black-box Testing
Without access to source code, we analyze the application in its native environment to see how far 3rd-party attackers can go. We search for common mistakes with SSL/TLS, information leakage, privilege escalation, session management, data confidentiality, and data integrity.
White-box Testing
With access to source code, we analyze the code design and implementation, and look for deeper problems that may be rarely triggered during normal use. We specialize in C# (.NET), Java, PHP, Ruby, Python, C++, and C source code reviews.

All findings, along with proof-of-concept examples, references, and solutions, are documented in a final report.

Please contact us for more information, or to get a quote for our services.