join us on facebook
The Saturn Partners, Inc. | Penetration Testing | Saturn Partners, Inc. | #1 Security Auditing
4438
page,page-id-4438,page-template-default,ajax_fade,page_not_loaded,smooth_scroll,,wpb-js-composer js-comp-ver-3.6.12,vc_responsive

Penetration Testing

Attack vectors and risks are different for mobile platforms than traditional web based applications.  The Saturn Partners, Inc. has gained a deep understanding of mobile architectures and application development having assessed numerous mobile applications, reviewed device-level security controls and worked with telecommunications providers over the years (also see VoIP on our site).

While performing penetration testing with or without source code review, we examine and reverse engineer applications and protocols.  Furthermore, SPI also performs both local device and remote service penetration tests.

Our Penetration Testing Service covers the following, but is not limited to, the following:

 

Application and Product Penetration Testing:

 

  • Identification of security weaknesses through penetration testing with or without code review
  • Demonstration of weaknesses as needed to validate findings
  • Simplified architecture review and threat modeling
  • Characterization of the impact of a successful attack
  • Recommend solutions for addressing weaknesses
  • The application, protocol, or implementation’s security posture is reported
  • Upon request, a public facing document explaining the test methodology and results can be provided

 

Application Design Review:

 

  • Conduct a review of a system’s design
  • Identify security implications of the design
  • Perform threat modeling
  • Perform a gap analysis between the design and industry best practices
  • Enumerate conflicts between business requirements and security considerations so informed trade offs are made
  • Recommend solutions for addressing security weaknesses
  • Can be conducted prior to implementation, or once in production

 

Application Code Review:

 

  • Examine sensitive areas of software code
  • Identify security flaws including: race conditions, overflows, character set conversion problems, logical errors, bad assumptions, key management flaws, and cryptographic mistakes
  • Recommend specific fixes and general coding practice improvements appropriate to the Client’s environment
  • Lead groups of developer through code review exercises to enhance the Client’s ability to audit code
  • Upon request, a public facing document explaining the test methodology and results can be provided
 
 

Liked What You Just Read? Join the Highest Level Newsletter in the InfoSec Industry.

Latest News:


Google