Services I provide

Web Application/Site Security Testing

Also called Blackbox testing. Doing this before going live can save you a lot of blushes, lost productivity and loss of face later. The idea is to test the website or web application exactly as a malicious user sees it. Using a combined approach of automated tools and manual testing, I can ensure maximum coverage and a clear indication of what needs to be fixed and what is already secure. This is a good idea when you just can't share the source code or your IP prohibits showing the source code. Mind you, the best results are obtained when this is combined with reviewing the source code as well.

Security Code Reviews

Also called Whitebox testing. Looking at the source code of the application to identify holes before an application is deployed. With web applications offering tonnes of features, ensuring 100% coverage with blackbox testing can become pretty expensive. In this case the entire source code is reviewed for security issues and vulnerabilities are mitigated at the source itself. Again, I reiterate that the best results are obtained by combining source code reviews with the security testing mentioned above.

Training and Development

Developers don't usually worry about security. Or, in most cases, they don't think like malicious users at all. They test for all kinds of test cases but miss out on the malevolent ones. Also, they almost always have other, bigger things to think about. So this gap between a great application and a great application which is secure needs to be plugged. Training them to think like an attacker allows them to look beyond how they expect their application to be used. A lot of times what they feel is a small bug can have a major impact. Developer and tester education about the various attacks and the safe ways of programming can go a long way in eliminating vulnerabilities in web applications. What they learn can also be incorporated as part of your SDLC.

    Trainings Offered
  • Secure Web Programming in PHP
  • Secure Web Programming in ASP.net
  • Secure Web hosting in Linux
  • Secure Web hosting in Windows
  • Customized according to requirements

Server Hardening

Web applications are just a part of the whole system which is there to serve them. There can be security holes in the web servers, databases, underlying operating systems and other services running on the hosts. Server hardening basically looks at all these components and checks whether they are configured securely and that there are no chinks in the system. Since the web application basically trusts the web server and the underlying operating system to be safe, if there are any loopholes there then all the security in the world is of no use.