Conferra’s Application Security Testing services employ a structured approach to identify security vulnerabilities and help our clients address these vulnerabilities in a timely and thorough manner. Our service packages are devised to help you with a comprehensive security assessment, while also providing the ability to selectively assess your application’s security.
Application Penetration Testing (DAST)
Dynamic Application Security Testing, also referred as penetration testing, generally brings out the architectural weaknesses in your application’s security, thru automated and manual testing. Conferra’s team provides guidance and support thru post-assessment reports and help fix the vulnerabilities detected thru our Penetration tests, that cover authorization, authentication and session management issues, cross-site scripting, security misconfiguration, unvalidated redirects/forwards, cross-site request forgery, SQL injection, session management, sensitive data exposure etc. Our penetration testing is oriented towards simulating the real-world threats and by employing a variety of tools such as Metasploit, NMap, BurpSuite, SQLMap, Nessus, Kali Linux etc., along with manual testing based on business logic and analysis of application functionalities. A detailed report, including the categorization, suggested remediation etc., is provided on the vulnerabilities found.
Application Security Code Review (SAST)
Static Application Security Testing, also known as security code review, analyzes the application source code, byte code and binaries for security vulnerabilities. Conferra’s team employs a set of technologies/tools, such as Veracode, Fortify etc. along with manual reviews, to scan the source code and identify coding errors and critical vulnerabilities such as buffer overflows, unhandled error conditions etc. With most applications developed thru a combination custom code, open source and third party libraries, our code analysis/review utilizes binary SAST tools, source code scan tools and manual high-level architectural review. Our static testing accurately brings out hidden threats such as malicious code and provides actionable feedback, with relevant security intelligence and prioritization for the developers to understand the vulnerability flow. A detailed report with pertinent information and suggested remediations with best-fix locations, is provided to your development team.
Mobile Application Penetration Testing
Mobile Application Penetration Testing, with a combination of static and dynamic tools, analyzes your mobile application(s) security that is affected by a variety of factors such as Application Type, Operating System, Distribution, Data type and access level etc. Conferra’s team provides, based on dynamic testing and binary static analysis, a detailed security assessment of your mobile applications that are developed using native APIs, third party libraries and cross-platform development frameworks. Remediation advice is provided for the security vulnerabilities that endanger the application users and their data managed by the application. Our services cover all major smartphone platforms, including iOS, Android, WIndows, Blackberry etc.