As more and more applications are web based, web application security exploits are becoming the attack du jour for hackers. Exploits embedded in HTTP or HTTPS packets sail past perimeter security systems and potentially attack an organization's critical databases. Given the complexity of today’s web applications, these exploits are difficult to uncover and protect against.
M3 Security offers the following application assessments:
Black Box Testing
Threat Modeling
White Box Testing

Black Box Testing
Our black box testing methodology is a refined process based on the OWASP Top 10 model. Using a combination of open-source tools, automated scanners, and manual testing, M3 Security enumerates vulnerabilities across the following domains:
Threat Modeling
M3 Security helps companies proactively deal with security by performing threat modeling on their application designs. Threat models help capture security flaws at an early stage, thereby reducing the cost of fixing the flaws after the application has been deployed.
While several threat modeling techniques exist (Microsoft's DREAD and its variants), M3 Security believes that a threat model, to be used by the client, should be created in light of the environment that the client operates in. Our threat models, therefore, are customer-driven.
White Box Testing
While a black box test does capture several vulnerabilities, it does not provide a comprehensive listing of potential vulnerabilities, especially vulnerabilities driven by obscure but breakable encryption schemes, administrative backdoors, etc. M3 Security believes that a white box test that combines a limited source code review, a black box test, and configuration reviews of the hosts that support the application provides the best bang for the buck.