Binary Application Auditing
Benefits of Custom Auditing with Grayscale:
Grayscale uses proprietary technology to examine and uproot application flaws at the binary level. Grayscale experts use binary-level examination and testing to examine weak points in applications and expose them as such.
By evaluating security at the binary level, Grayscale can easily uproot flaws in:
» Application Design
» Application Security Mechanisms
» Application Implementation Strength
§ Custom Audit per Customer
Grayscale binary auditing is a per-customer custom process in which we work with you and your staff to custom-fit the audit to your requirements.
§ Pre/Post Audit Briefings and Tag-Ups
To ensure customer satisfaction, we make briefings of our intent and findings at the beginning and end of every audit.
Daily "tag-up" meetings are part of every day's activity, making sure that client interactivity is a focal part of our assessment.
Multiple Assessment Models Available:
» Black Box Testing
Isolated perspective in which the audit team has little to no information about the application being audited.
» White Box Testing
The audit team is informed about the application, its functionality, and its behavior.
» Any combination of both.
Extensive Reporting
º Executive Report
Summarized for action items, this report provides a simplified version of the assessment results, complete with fix recommendations and highlighted points of action.
º Technical Report
Engineering report, complete with full audit details. All audit points are covered in detail, and the software engineering staff will be fully briefed on the document's contents. Any flaws will be documented in this report, including proof-of-concept example code that is relevant to the application audit.
º Remedial Report
This report focuses on the results of the audit, from a remediation perspective. Focusing exclusively on how to harden or more securely implement
Penetration Testing
Discover and Eliminate Threats with Grayscale Penetration Testing
By providing penetration tests for your organization, you are ensuring the elimination of threats that otherwise would remain dormant.
Q. What happens when a threat is discovered?
A. Immediate Awareness.
The organizational contact of your delegation is immediately made aware and makes the decision to proceed or halt the test. All vulnerabilities and the provided fixes for them are made available at daily tag-up meetings and in the final reports.
By eliminating these threats you not only protect your client and company data from external compromise, you also ensure the integrity of your company’s reputation by showing a proactive stance towards computer security.
When penetration tests are performed, all care is taken to ensure that the systems being audited are not altered beyond what is required to compromise them.
All system penetration must be approved by a site contact before any of our penetration testers will proceed with any advanced testing. We pride ourselves on our cautiousness as the integrity of your network is our first priority.
Testing provides Audit Controls
In industries subject to HIPAA and Sarbanes-Oxley regulations where sensitive data is involved, penetration testing is absolutely mandatory to show proactive security within the organization.
Penetration Testing is Auditing
HIPAA legislation now determines the way that health care institutions must implement, monitor and audit the security that is employed to protect information stored on their computer networks. Regular penetration tests satisfy this requirement, with test reports being a valuable control which can greatly assist a corporation in passing an audit.
Penetration Testing is Assessment
Penetration testing assesses your network and its configuration to show where improvements can be made.
Penetration Testing is Accountability
By learning to avoid mistakes that are exposed during penetration testing, staff becomes more accountable for site security, and proactively aware of threats.
Grayscale Advantages:
Qualified Experts
Detailed Reporting
Custom Tools
High Interactivity
Deliverables:
Executive Report - Summary
Technical Report - Covering Vulnerability Details.
Remediation Report - Detailed Fixes for the Application
The Pulse of Security
As researchers ourselves, we always have our thumbs on the pulse of the security community. Our research team actively develops new research and presents at conferences on various topics relating to all aspects of computer security year round.
Web Application Auditing
Benefits of Web Auditing with Grayscale
Adds Strength
By auditing the security strength of a web application, you can root out flaws that could otherwise be used against the application.
Expose Problems
An audit will easily expose problems that would have otherwise been left unfound. By exposing these problems, your development staff gains crucial insight into avoiding such problems in the future.
The Exposure of Web 2.0 Web Applications
Web applications have become a core part of operational business logic. Oftentimes, business logic applications are based solely on web platforms to make international work easier to accomplish.
The Danger of "In House" Development
Many corporations pay developers to develop “in house” business applications that are exposed to the internet with minimal protection.
Web Applications are Often Vulnerable
The quarterly Website Security Statistics report published by WhiteHat Security indicates that, of audited web applications:
7/10 contain Cross Site Scripting
5/10 contain Information Leaks
2/10 contain Content Spoofing
2/10 contain SQL Injections
What if we are vulnerable?
Any one of these vulnerabilities, if exploited, can cost your corporation a significant loss of integrity and open your network to a host of attacker-controlled scenarios.
All Audits Contain
Executive Report:
A simple to understand report containing the findings of the audit, rated by severity, and presented inline with remediation information.
Technical Report:
Report containing technical information regarding the audit, including all audit data.
Remediation Reporting:
The remediation report accompanies the technical report, detailing all fixes for discoveries listed in the technical report.
Audit Languages Supported:
PHP, ASP, Perl, Python, Ruby, CGI-C
Audit Platforms Supported:
Linux, Solaris, Windows, FreeBSD, OpenBSD
Security Services
Grayscale is a full-service security solutions provider that offers enterprise-level security services that range from assessment to incident response. Our engineers are some of the sharpest in the information security industry. They are considered subject matter experts in their respective fields.
Our services don't stop at implementation; we offer packaging that includes maintenance and planning for future needs in your infrastructure. We can custom-tailor solutions to fit any budget. Consider us your one-stop shop for network security.
Security Assessments:
Network Security Evaluation and Assessment
Wireless Security Evaluation and Assessment
Custom Intelligent Web Evaluations
Implementation and Maintenance:
Firewalls: Juniper and Cisco
Intrusion Detection: Snort, Juniper, and Cisco
Virtual Private Networks: Cisco and Nortel Concentrators
Server Technology: Anti-virus Servers and Logging solutions
Vulnerability Remediation and Hardening:
Post assessment remediation of the vulnerabilities discovered
Operating System hardening: Windows, Linux, and Cisco
Incident Response:
Forensics and various services for post compromise events.