Security Analysis Services
Digital Forensics Solutions offers a full suite of security services which can be tailored to meet your exact needs. These services include:
External Penetration Testing
When designing a secure network, perimeter defense is the first component that must be considered. Not only should the defense mechanisms protect against current threats, but future threats and vulnerabilities should also be anticipated. With this in mind, Digital Forensics Solution's external penetration testing methodology goes beyond the routine vulnerability scanning and manual penetration attempts to include testing procedures to develop an adequate defense against future attacks.
All publicly accessible internet devices are scanned for open ports, running services, and applications with mishandled or default configurations. After this data is collected, the necessity of each service or device is evaluated and assessed for its overall risk to the network.
Internal Penetration Testing
Attack from inside the network is the most serious threat that companies face. Due to the need to make services available to internal users as well as the prevalent attitude that a network's external defenses are adequate, many internal networks are ripe for compromise and chaos. Performing an internal penetration test allows Digital Forensics Solutions security analysts to rate the overall security of the internal network, judge the level of access control placed on ordinary employees and unauthenticated users, and give recommendations that will allow a client to protect its assets from internal attackers as well as external forces.
Our internal penetration testing methodology covers a wide range of tests and procedures that allows us to gain a complete picture of the network's security posture and resiliency. We have developed a flexible methodology that allows us to perform complete security testing of the network without hampering its ongoing continuation and stability. If extreme measures must be taken, we implement them in a manner that is least disruptive to our clients and their business. This provides the benefits of a thorough testing scenario in the safest possible environment.
Application Security Audit
Digital Forensics Solutions offers an extensive set of application security tests including source code audits, binary analysis, and website application testing. Our security analysts have comprehensive understanding of the mechanics and security vulnerabilities in many programming languages, some of which include:
- C, C++, Java
- Php, Asp, .NET
- Perl, Ruby, Python
- Assembly (x86, x86_64, etc)
There are also a large range of tests we can perform on specific applications, custom software and databases depending on the client's development environment and security needs including:
Whitebox testing includes full source code to the application as well as any supporting libraries. This allows our security analysts to uncover logic bugs and other hard to find vulnerabilities that may not be found while simply using the application's interface.
Blackbox testing is performed without the use of source code and a tester only has access to the external interface of the application. This test best replicates the conditions an outside attacker will deal with when attempting to compromise or infiltrate systems.
The most comprehensive review occurs when full source code for the application as well as access to the environment is provided. It allows our analysts to verify vulnerabilities they find within the system, and allows quick understanding of the control flow and logic of the application. Mixed tests provide the best advantage to both the client and the security analyst as both can be sure they have fully exposed and tested the system at completion of the procedure.