Application Security Assessment

Traditionally, application security assessment involves emulation of highly determined attackers with access to public applications that require a level of security assurance (such as e-commerce or online banking sites with custom-written ASP or other server-side scripts).


Security Matterz has proven experience in the assessment of primarily ASP and Java-based web systems and server-side processes.

Risk Identification & Classification:
An important first step in improving the security of any web site or application is to correctly identify areas of risk and set clear priorities in line with business drivers. Security Matterz understands real-world network risk and business impact, focusing primarily on three key areas during an application security assessment:

  • Resilience of applications to overflow and input validation attacks
  • Session resilience, attempting to compromise other users' sessions
  • Assessment of operating platform components and permissions

Security Matterz assessment services are geared completely around the client's network type and requirements.

Methodology:
The standard Security Matterz Application Security Assessment methodology, used to assess a given ASP-based web site with back-end SQL database servers, would involve the following:

  • A complete download of the publicly accessible components, allowing for insight into potential configuration files and arguments passed to scripts directly through POST and other HTTP methods.
  • Comprehensive assessment of each and every script argument to test for overflow bugs (heap, stack, et al.) and input validation problems such as format string input and SQL injection.
  • Use of publicly known web service vulnerabilities to attempt to circumvent environment security through reading fragments of protected system files (such as global.asa or other configuration files containing DSN connection strings).
  • Full assessment of the web service and its enabled options (checking for responses to commands such as HTTP PUT).

Client deliverables include a handwritten report, clearly documenting the current state of application network security, and recommendations for improvement of server configuration, permissions, and bounds checking within accessible scripts. Because Security Matterz reports are handwritten, the findings and recommendations are tailored with both the client's business drivers and technical network configuration in mind.



Wireless Security

 

The AirPatrol WS 1000 wireless sensor delivers powerful wireless sensing capabilities with performance characteristics superior to any other currently available wireless sensor.

 

The AirPatrol CellSensor™ is the first device capable of accurately and reliably detecting and locating cellular phone devices on all commonly used bands without decoding their data packets.


Active Directory Optimization

Optimization is the process of changing the logical architecture of an Active Directory implementation to increase its security and ROI.

The Genesis architecture will quickly and simply optimise your Active Directory by implementing a pre-fabricated, production tested logical architecture that will instantly raise the security and ROI of the whole Windows Infrastructure.
