IS Governance Security & Compliance team.

We can help you, if you need to reduce the Risk...

  • Aumentar fuente
  • Fuente predeterminada
  • Disminuir fuente
EvilCode Auditing Cod3

Auditing IT ICS IACS Codes

E-mail Imprimir PDF

Application Review:

If you have custom application and you need test it for security vulnerabilities you are in right place
in this service we offer advanced:

- Auditing Code
- Review Weak functions
- Check Class, DLLs, COM ActiveX EXE
- Fuzzing
- Reverse Engineering (Static / dynamic analysis using existing and our custom tools )
- Connection test
- Privileges test
- Misconfiguration test

Web Application Review:

If you have custom website / web application and you need test it for security vulnerabilities you are in right place in this service we offer advanced:

Source code auditing in:

PHP
ASP.net
ASP
JSP (JAVA)
Python
Perl (CGI)

In all of supported languages we will test for :

A1: Injection ( SQL / Code)
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Un-validated Redirects and Forwards

Black Box Penetration Test:

If you have a network and you have private information in your network and you like to know what a malicious attacker can do in your network you are in right place in this section we offer:

- network test against public / 0day vulnerabilities
- client side attack against social engineering / client side vulnerabilities
- Website / application audit against your infrastructure and website
- Finding paths to your internal networks
- Partner check for gaining access to your private data

Exploit Development:

If you found vulnerability in your product wild and need custom standalone exploit for proofing vulnerability you are in right place and in this section we offer:

- Reliable exploit development with bypass OS / Application where possible
- Custom payloads due to your requirements
- guard avoidance for testing your IPS/Anti-virus-firewall

(This engagement is considered on a case by case basis).

Thanks, Ivan

 

Bugs-Issues-Mistakes


Patching the System