The identification of vulnerabilities in your system along with the knowledge of major areas of exploitation is critical. But what is more important is to be able to convey to you all this information in a clear and concise way. We at SecureLayer7 strive hard to be able to do this. Every assessment service completion of ours is followed by a delivery of an electronic assessment report deliverable. This report will include all the information about the security controls assessed as well as an analysis of the areas that need to be looked into for achieving the required amount of security.
Full Stack Penetration testing of your Internet of Things product—the device, how the device talks to your smart phone or the internet, the could services that hosts that data, websites or applications that talk to your device.
- PII data security review
- Code review—embedded code, remote procedure calls, mobile and web application code.
- Evaluation of authentication, authorization and auditing structure.
- Data security evalution at rest and in motion.
- Protocol communication review: REST, SOAP, RPC, etc
- Security evalutions databases and directories including queries, stored procedures, authentication and ACLS
- Reviewing privilege escalation attacks
- Reviewing cryptographic protection on applications and/or delivery mechanisms
- Reviewing application binary or packages for embedded passwords, keys, certificates
- Reviewing log handling, insecure storage, and caching/temp file issues
- Provide policy and compliance gap analysis to major standard and best practices (PCI, HIPAA, HITECH, FDA)