- W3af
- Arachni
- OWASP ZAP
When you develop a desktop, mobile, or web app and host it in the cloud, users come from many different countries and with different intentions.
Although 100% complete security is impossible to guarantee, getting to 99.99% coverage is very expensive, and every decimal place costs more and more. It's important to keep a pulse check on infrastructure security and safety, so that you and your team have valuable information in case of suspicious activity.
How do you keep or exchange security data? How do you access security credentials for your local dev environment? If you don't have them already, we will establish rules and policies that should be shared and accepted by all members of the dev team.
We run scripted tests against application-level services (APIs, web servers of various kinds), covering SQL injection, XSS injection, etc.
We keep track of “safety bulletins” for backdoors found in any software you are using and apply a recently released patch if available.
We document any problems and their severity and report the results back to you.
We keep all OS-level packages up to date, updating them centrally (Ansible/Chef/Puppet).
We schedule automated security penetration tests that use open source and commercial tools to perform “hacks” against the infrastructure (production, staging, development).
And of course: Our brains, skills, expertise and centrally managed application and server-generated logs.
We set up monitoring services that keep you informed about the health of your services and development environment servers.
Just send us a brief description of your situation.
We’ll immediately start assessing your needs and send you a follow-up with next steps.