System & API Monitoring
Customized emulator framework facilitates reverse engineering and low-level application analysis.
In-depth study of communication protocol, encryption, compression, etc.

Detailed Fix Information with Source Code Examples
Detailed information is provided on how to fix issues in your specific development language, framework and platform.
Step-by-step instructions, POCs & examples are given for your applications & platforms.

E.D.I.T.E Intelligently Selects the Ideal Tools
Selects tools based on target frameworks, platforms, applications and versions.
Ensures that the ideal combination of tools is intelligently selected and run for each individual target.

Integrated Proprietary, Open-Source and Commercial Tools
Unique combination of tools delivers ideal balance between security, efficiency and cost.
Tool output is cross-referenced, correlated and fed to manual auditors for review & analysis.

Expert Led Test-Case Driven Approach
Experts create test cases specific to your business concerns, priorities and pain areas.
Our large internal test case database is referenced based on various identifiers.

Identify Design & Logic Vulnerabilities
Our expert-driven mapping and test-case-based approach identifies design & logic issues in your applications. Such issues generally have a high business impact & cannot be found through automated scans.

Mobile Application Penetration Testing
Secure mobile applications from technical and business logic issues. Get actionable fixes.

Our Mobile Application Penetration Testing service leverages application mapping, reverse engineering and proprietary tools to identify business logic and technical vulnerabilities in your mobile applications. Many of the risks associated with mobile applications are similar to those of web applications, such as user authentication, data security, data in transit, etc. Our core focus lies not only in identifying technical vulnerabilities but also in identifying key issues related to application permissions and data flow. Our in-house developed E.D.I.T.E framework takes our experienced consultants through a well-defined testing workflow that intelligently automates repeatable tasks while helping auditors to efficiently carry out thorough manual testing.

Challenge Solution Matrix

Your Challenges
Developers cannot fix issues.
We are still vulnerable after several audits.
We need to meet compliance mandates.
We want to prevent leakage of sensitive customer information like credit card details.
How do we prevent user account hijack?

Our Solutions
Detailed recommendations with source code examples in your development language.
Re-testing of vulnerabilities till closure is a complimentary part of our service.
Our experts help your team understand and fix issues.
Our testing guidelines meet the requirements set by most compliance standards.
We help you identify and prevent sensitive data leakage like credit card details, location, owner id information etc.
Identify sensitive data transmission over unencrypted channel.

Key Benefits
Quick turn-around time for fixed release.
All issues are closed thoroughly.
Meet the requirements of compliance standards.
Your applications are tested thoroughly for both technical and logic issues.
Helps you to prevent data leakage through interception.

Deliverables
Executive Presentation, Excel Fix Tracker, Detailed Technical Report
High level summary of issues
Key metrics and analysis
Impact and root cause analysis
Action items for remediation
Detailed proof of concepts
Fix information with source code and configuration examples
Specific to your application
Track fix status of issues
Manage timelines for fix
Manage responsibilities for fix
Summary of action items

Compliance & Testing Standards

Overview of Our Technical Process - E.D.I.T.E
1 Automated Testing: Proprietary, Open-Source & Commercial Tools
2 Manual Testing: Network Mapping and Logic Testing
3 Integration: Data Correlation and Cross-Referencing
4 Reporting: Custom Developed with Detailed Fix Information

Automated Testing
a) Customized emulator framework identifies the application frameworks, dependencies and components.
b) File system and network analysis analyzes and maps application activity and protocols.
c) Internal intelligence engine selects ideal tools for the target, which includes proprietary, open-source and commercial tools.
d) Data from various tools is collected, streamlined, cross-referenced and stored into the internal testing database.

Manual Testing
a) Applications are divided into core modules and functional areas.
b) Data flow between components is mapped along with their logical relationships.
c) Application is reverse engineered to understand its internal functioning.
d) Expert consultants create test cases based on business concerns, pain areas and potential abuse scenarios.

Integration
a) Data from automated and manual testing is cross-referenced and correlated to establish a final list of issues.
b) Data is referenced from public & private sources to build rich issue profiles.
c) Expert auditors analyze the data and extract any key details that may not have been picked up automatically.

Reporting
a) Experts manually document details, descriptions, proof of concepts and references specific to your applications.
b) Source code and configuration fixes for each issue are provided specific to your environment.
c) Step-by-step POCs and fix details help your team understand issues.

Process Comparison (columns: Traditional Process Used by Most Firms, In-Depth Process Used by Cyber Alpha Security)

Automated Testing
Automated scanners to find technical issues
Combination of in-house developed proprietary, open-source and commercial tools
Tools are intelligently selected depending on your target infrastructure
Manual verification of all issues
No false positives

Manual Testing
Mapping of business logic, data flow and workflow
Reverse engineering of web application functionality
Test cases specific to business priorities and pain areas
Identification of design and logic vulnerabilities
Impact analysis through exploitation and propagation

Integration
Correlation of data from multiple tools and sources
Reference issues against private and exclusive vulnerability sources

Reporting
Custom developed report specific for your applications
Detailed fix information for your specific platforms
Source code examples for fixes in your development languages and frameworks
Detailed proof of concepts with thorough explanations

Feature Comparison (columns: Feature, Generic Vendors, Standard Audit, Premium Audit)

Amsterdam, The Netherlands
Veembroederhof 281
1019HD Amsterdam
Tel: +31-20-511-2466
info@cyberalphasecurity.com

Chennai, India
RMZ Millenia Business Park
Phase 2, 6th Floor
Tel: +91-44-6691-5315
info@cyberalphasecurity.com