Why let hackers discover your applications' vulnerabilities? Let Foundstone find your security weaknesses and fix them first. Foundstone can save your company’s reputation and prevent revenue losses.
The National Institute of Standards and Technology estimates that up to 92% of today’s vulnerabilities are at the application layer. Almost every major application in use today has experienced at least one critical vulnerability broadcast, resulting in loss of sales, as well as loss of reputation and customer trust. The Foundstone Application Penetration testing service looks at an application from the perspective of a malicious hacker and finds the holes before they can be disclosed publicly and exploited.
The testing begins with static reviews of the binary executables and libraries that make up the application. Server-level scans search for known vulnerabilities and common misconfigurations. Our penetration assessment consultants then perform a discovery process to gather information about the application and search for information disclosure vulnerabilities that reveal secrets such as passwords, cryptographic keys, or customer information. With this data in hand, Foundstone conducts the bulk of the testing, which consists of:
During all of the testing, the main goal is to compromise the application's servers, remote agents, and clients. Additionally, Foundstone searches for application vulnerabilities that would allow an attacker to gain access to the underlying operating system or the backend database servers.