White Box Network Penetration Testing
We identify technical, architectural and logical design vulnerabilities that contribute to the risk profile (confidentiality, integrity, and availability) of your organization’s data and information systems. Our process entails a hybrid approach that uses both OWASP v4 and PTES (Penetration Testing Execution Standard) guidelines, which results in a robust white box base testing framework that spans 80+ security testing procedures.
- Collect, scan and analyze information system configurations in order to generate a prioritized comprehensive list of environment vulnerabilities, weaknesses and risks. These include:
  - Network/server/virtualization/storage infrastructure
  - Workstations
  - Operating systems and mission critical applications
- Outline the potential impact and severity of each vulnerability, weakness, and risk including observed deviations from standard information security best practices and principles.
- Identify the root causes behind the vulnerabilities, weaknesses, and risks that were identified in the assessment, while conveying how those problems relate to the inherent security posture of your organization.
- Provide your organization with a full due diligence report including information such as:
  - Vulnerability/weakness/risk details
  - Risk mitigation recommendations
  - Analysis methods
  - Information system statistics
  - Network diagrams and more.
Dynamic/Static Code Analysis and Architecture Review
GoVanguard’s Dynamic/Static Code Analysis evaluates both web and non-web applications. Through advanced modeling we detect flaws in your software’s inputs and outputs that cannot be seen through web scanning alone. We utilize several overlapping tools and techniques including data flow analysis, taint analysis, and control flow graphs which require the software source code. The purpose of these techniques is to discover architectural and logical design vulnerabilities within the application.
- Analyze your organization’s application software source code using many overlapping tools with a team of multiple GoVanguard software security engineers.
- Identify vulnerabilities introduced to the application through dependency tree structures.
- Map all input and output application data flows.
- Generate a prioritized comprehensive list of software vulnerabilities, weaknesses and risks.
- Outline the potential impact and severity of each vulnerability, weakness, and risk, including observed deviations from standard information security best practices and principles.
- Provide your organization a full due diligence report including information such as:
  - Vulnerability/weakness/risk details
  - Risk mitigation recommendations
  - Analysis methods and tools
  - Diagrams of main application functions
  - Data flows
  - Dependencies and more.
- Include technical risk management recommendations that are mapped to OTGv4 (OWASP Testing Guide v4) as well as OWASP SAMM (Software Assurance Maturity Model) principles.