Application Penetration Testing
Whether you have a web application that needs the scruitiny of a trained security expert, or a custom built Linux distribution that needs to be tested from the inside out, EA consultants have the ability to to dive deep into applications quickly and efficiently.
From blackbox assessments to greybox application tests, security assessments are our specialty. Relying on extensive experience performing manual ‘ethical hacking’ rather than depending on automated tools, EA consultants have a proven track record of finding flaws that other assessors miss.
We actively support the Open Web Application Security Project (OWASP), and our consultants are well known experts in the field of Web Application security.
Web Application Vulnerability Management
Most websites change over time, and with those changes may come new vulnerabilities. After performing an initial manual penetration test of your web application, EA recommends ongoing testing of your application to monitor for any new vulnerabilities which may be introduced.
EA’s strategic partner WhiteHat Security Inc. delivers effective vulnerability management for your public facing or Intranet web apps at affordable rates. WhiteHat’s Sentinel solution is delivered as a Software-as-a-Service (SaaS) which provides massive scalability and the ability to start detecting and mitigating your web application vulnerabilities immediately, without the expensive CapEx or learning curves associated with traditional commercial web app vulnerability scanners.
Web Site Vulnerability Remediation
Vulnerabilities discovered by manual testing or the WhiteHat Sentinel service can be remediated rapidly by implementing “virtual patches” into supported Web Application Firewalls (WAF’s). EA consultants work with your company to help implement these quick-fixes, and can also help your staff develop changes to your code or architecture to permanently mitigate the vulnerabilities.
Are you deploying a particularly sensitive application? While blackbox testing can be very effective at identifying many security issues, combining blackbox testing with source code review (known as greybox testing) is the best way to gain maximum assurance. Our consultants provide expert security code review services for several popular web application development languages and frameworks, including C/C++, .NET, Java, ObjectiveC, PHP, Coldfusion, Python, and Ruby.