Picture the everyday guy, sitting at home, browsing the internet, clicking links, and downloading software. He is totally unaware of the attack vectors he is opening up for hackers to exploit. As application developers and security researchers, it is our RESPONSIBILITY to ensure that our application’s security is up to par and able to defend itself against the bad guys. Developers often place functionality in front of security. However, time has shown us that security must be our number one priority to protect the consumer as well as our company’s integrity and reputation.
Here at The Pentesters, we provide a very thorough and robust application security audit service. We want you to be safe, and we want your clients and consumers to be safe as well, to help build a stronger defense against attackers while bringing top-of-the-line, cutting-edge technology to the world.
We will audit the following types of applications to attempt to discover vulnerabilities and provide remediation for said vulnerabilities.
- We will audit web applications to try to find any possible flaws in the design, such as XSS, code execution, SQL injection, authentication bypass, privilege escalation, SSRF, file inclusion, and many other types of vulnerabilities. We actually have a very specialized web application audit service, which you can find here.
- Cryptographic implementations are almost always, without a doubt, flawed. We will audit any cryptographic implementation to determine the integrity and security of protected information. We will check for possible attack vectors such as CBC bit-flipping attacks, hash length extension attacks, ECB block shuffling attacks, MAC bypasses, RSA broadcast attacks, cube root attacks against RSA, nonce collisions, repeating IVs, etc. Like I said, cryptography, with all its complexity, is very challenging to get correct, and you must always have someone audit your cryptosystem to determine whether it is secure or not.
- Software vulnerabilities are the prime cause of mass exploitation. For example, Operation Aurora, which took place in 2009-2010, took advantage of a buffer overflow in Internet Explorer that granted code execution to a hacker who got a user to visit a compromised or malicious website. We will audit software to try to discover vulnerabilities like the aforementioned. We will search for buffer overflows on the stack and the heap, format string bugs, logic bypasses, patchable features, and many others.
As you can see, we offer a robust and effective application security audit service. If you are interested in finding out how secure your applications really are, please contact us. Our application security audit services start at $1,495.00.