Michael V. Scovetta
Security Assessment Services
According to an article in Business Week, "Stamford (Conn.)-based research firm Gartner estimates that about 25% of all small businesses suffered a hacker attack in 2008, up from about 10% in 2003."
Is your web-site secure?
If you own a small business web-site and aren't sure whether you need a full security assessment, you can use the comment form to request a free consultation and evaluation.
Both manual and automated penetration testing can be performed on your internally- or externally-facing web-applications. Tools such as Nessus, Nikto, Wikto, and IBM AppScan can be combined with manual penetration testing techniques to assess the overall security of an application.
All findings are screened and validated and presented in a final report that includes recommendations on how to remediate the identified vulnerabilities. A free "re-scan" can be used to ensure that identified vulnerabilities have been fixed.
In a design review, the actual application design and implementation are examined for security flaws. Design documentation, architecture diagrams, and knowledge of the environment and the typical usage of the application are analyzed for potential defects.
Code reviews are conducted using both automated tools (including Yasca) and manual techniques to ensure that all vulnerabilities are detected. Source code can be written in C/C++, Java, .NET, or PHP and can range from a few thousand lines to many hundreds of thousands.
For More Information...
Scovetta.com is a personal website. Opinions expressed are my own, and not those of my employer or any groups I am affiliated with.