CanDoTech Consulting Inc. has a full line of services dedicated to web application security, HITECH compliance, PCI complaince, HIPAA compliance and custom security consulting services
A single successful penetration by a malicious hacker can result in compromising an entire organization’s confidentiality, integrity, and availability (“CIA”). CanDoTech’ s research driven penetration testing & vulnerability assessment services help to prevent such a compromise by testing at realistic levels of threat.
Understanding real-world risks
CanDoTech conducts penetration tests from inside and outside of your network to identify risks and help you to prioritize remediation. Types of penetration tests include:
- Internal and external network penetration test
- Web and mobile application penetration test
- Wireless penetration test
- Social engineering security testing (physical and electronic)
Penetration testing services
External network penetration testing
Penetration testing for Internet-accessible devices or internet of things (“IOT”) along with services such as web servers, firewalls, routers, DNS and remote access etc.
Internal network penetration testing
Penetration testing for internal servers, firewalls, routers, switches, email and DNS services.
Wireless network penetration testing
Penetration testing for wireless infrastructure, including access points, controllers, firewalls etc.
Application security testing services
CanDoTech’s comprehensive Web Application Security Testing covers the classes of vulnerabilities in the 2013 Top 10 Open Web Application Security Project (OWASP) and are listed below for easy reference:
- Malicious code Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object Reference
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Invalidated Redirects and Forwards
- SQL injection
- Man in the middle attack
The primary goals of Web Application Security Testing:
- Provide management with an understanding risk levels introduced by the web application.
- Provide recommendations and details to facilitate a cost-effective and targeted mitigation approach.
- Create a basis for future decisions regarding information security strategy and resource allocation.
- SSL report
- TCP fingerprinting