Software Application Review

Application Security

Our AppSec experts will review your software from both an outside perspective, revealing any unintended information or vulnerabilities exposed to the public, as well from the backend, combing through your code and system architecture to find potential weaknesses. Our services include Manual Inspection and Review, Threat Modeling, Penetration Testing, Code Review, and Infrastructure Review. The end goal is to find potential vulnerabilities and recommend architecture improvements to maximize security and performance.

Source Code Review

Using both manual and automated techniques, and working inside our OWASP framework, we primarily look for potential vulnerabilities, security functions performed on the client side, flawed business logic, client-side access control, cryptographic functions, and any comments or details left by the developers. We look through all code, any included JavaScript, framework-specific generated code, third-party plugins, and any other dynamically generated DOM/HTML. Our Final Report gives a complete view of the security stance and lists fixes for all issues found.

Modeled around OWASP Methodology

The Intact Security approach for web-application penetration tests is modeled around the Open Web Application Security Project (OWASP) testing methodology and as such follows the current OWASP recommendations and best-practices. We built our proprietary testing methodology specifically around the OWASP testing guide as it is the definitive resource for web-application penetration tests. Using this approach allows us to be creative in our approach while staying within a secure framework.

Tell us more and we can help

Web App – Contact Form

Network Architecture Review

Configuration Review – Dot the I’s and cross the T’s

Having a firewall deployed within your business is critical to controlling the flow of network traffic inbound, inside and outbound of your organisation.
However, poor configuration of even the most effective firewalls can be rendered useless when not properly integrated and the rules they enforce are not well planned and implemented.

Why should I have a configuration review or architecture review?

Poor system configuration or architecture may cause systems to communicate in a less efficient or effective way and leave it vulnerable to unnecessary services. If these were to be exploited, they could provide a foothold for attackers and/or malware to propagate within your environment, reducing the security of your business.
It is important to first understand your specific business requirements, processes and functions; to then be able to translate these into an effective design and rule policy which can be enforced within the context of the current environment.

Intact Security offers a range of configuration, architecture and configuration reviews designed specifically to your business to ensure the protection of your network and systems

Cloud Infrastructure Review

Hybrid Cloud Security Challenges

With more and more businesses transitioning from traditional security and business applications to cloud security and cloud applications, it is becoming increasingly difficult for businesses to keep up with both types of security. The hybrid cloud security challenges are no different than on-premise cloud security. Many of the responsibilities associated with security for your data in the cloud are like securing the data on-premise.

Intact Security professionals use a combination of expertise and intelligence to independently audit and evaluate your entire cloud infrastructure to determine what your risks are, help you understand how to protect your business assets from attackers, and what resources you need to quickly identify and respond to security threats. Contact us today for Cloud security consulting or to conduct an Cloud penetration test.