QA Security Services
CoreValue applies the latest security testing techniques and methodologies, based on the OWASP Top 10 and OWASP ASVS, to effectively serve our clients’ needs.
This security approach combines Vulnerability Scanning, Ethical Hacking and Risk Assessments to demonstrate the overall security posture of an organization. Here’s how.
Vulnerability Scanning
- Scanning an application for all known vulnerabilities.
- Includes the use of OWASP ZAP, SSLyze tool, etc.
Ethical Hacking
- Multiple penetration tests.
- Discovers potential flaws in the system.
- Accessing an application through other applications or combinations of loopholes that exist in the application.
- The most effective way to discover application vulnerabilities.
Risk Assessments
- Analyzes and defines risk that depends upon a type of loss.
- Analyzes and defines risk for the possibility/probability of loss occurrence.
- Executed in the form of various interviews, discussions and analyses.
Security Testing Tools
The CoreValue experts utilize advanced technologies and tools for comprehensive security checks based on the client’s specific needs.
- OWASP ZAP
- SSLyze tool
- CSRF Tester
Featured Success Story
Improved Endpoint Security
Pharmacy software provider.
The goal is to develop a proprietary technology that can group millions of patients together with the strength to negotiate the lowest drug prices possible. The technology provider allows patients to purchase their medications online and to pick them up at their local pharmacy.
The individual challenges included:
- Safe transmission of user credentials, user profile data, and business card information.
- Reduction of the possibility of performing malicious purchases.
- Reduction of the possibility for bypassing authentication and authorization mechanisms.
- Exposure of sensitive production environment configurations.
CoreValue’s Security Testing team reviewed the client’s application for the most well-known vulnerabilities and identified the threats. As a result, the client was alerted to the possibility of certain threats and closed the most critical ones. Closing them helped the client overcome its security challenges and protected its reputation, costs, and business.
Security testing was conducted manually with the support of automation tools such as Burp Suite, Fiddler, OWASP ZAP, and SSLyze. As a result, the following vulnerabilities were identified: XSS, Missing Function Level Access Control, Broken Authentication and Session Management, Security Misconfiguration, and Using Components with Known Vulnerabilities.
Let the CoreValue team evaluate your existing infrastructure and processes. Together, we can determine where Continuous practices best fit your needs!