Application Penetration Testing

Find out what vulnerabilities you have before a malicious hacker does.

What is Application Penetration Testing?

When conducted by an ethical hacker, this is a process where a computer and network professional reviews an application to discover potential and current vulnerabilities on a network. This process is labor-intensive and requires deep knowledge and experience in a variety of different tools and a range of exploits.

How is this different from PCI Compliance?

For most retailers, who qualify as 'Level 4' merchants (fewer than 20,000 Visa transactions per year), PCI Compliance utilizes sophisticated and well-established automated tools to discover and report potential vulnerabilities. However, automated tests have limitations, and an application penetration test is designed to analyze an application more thoroughly than automated tests can.

What is an Ethical Hacker?

An Ethical Hacker goes through extensive training to learn a variety of skills and tools to mimic how an accomplished malicious hacker may gain access to your system.
The ethical hacker works for the site owner, instead of against them.

What do you test for?

We test for a variety of vulnerabilities. These include but are not limited to:
- Input Validation
- Buffer Overflow
- Cross Site Scripting
- URL Manipulation
- SQL Injection
- Cookie Modification
- Bypassing Authentication
- Code Execution

How do you conduct Application Penetration Testing?

We discuss the unique requirements and concerns with each customer, and base our tests and procedures on this. However, a typical process involves the following:

- Identification of Ports
  Ports are scanned and the associated services running are identified.
- Software Services Analyzed
  After the identification of the services is completed, both automated and manual testing is conducted to discover weaknesses.
- Verification of Vulnerabilities
  To help verify the vulnerability is real, we may decide to exploit the weakness to help remediate the issue.
- Remediation of Vulnerabilities
  We will work with you to resolve the vulnerabilities, and will re-test to ensure they have been addressed.

In addition to the above, a variety of different tactics are employed to determine if there are any SQL Injection vulnerabilities.

Why should I use WebSafe Shield?

Our testing is led by one of the most experienced and certified application penetration testers available today.

Anthony Cicalla has been doing remote vulnerability assessments and application penetration testing related to PCI compliance as well as SOX, HIPAA and other regulatory requirements for over 5 years. He has completed audits from both inside and outside the perimeter to provide the various network views that a hacker would have and to identify these vulnerabilities so that the client could remediate these issues and secure both their network and company.
Anthony worked for Hacker Safe (and McAfee Secure after acquisition) as an Ethical Hacker for four years. He tested multiple "mom and pop" companies as well as larger clients including some of the world's largest banks and financial institutions. After leaving McAfee Secure, Anthony consulted with a top 5 financial institution in their security operations.

He has the following certifications: CNA, CEH, CISSP, GSNA, MCP, SCTA. They are Certified Novell Administrator, Certified Ethical Hacker, Certified Information Systems Security Professional, GIAC Systems and Network Auditor, Microsoft Certified Professional, Symantec Certified Technology Architect.

Sounds great, how do I get started?

The first step is to contact us so we can better understand your situation and what you are looking for.