|
Security system testing services
At any stage of development or production netlogx will provide customers with security systems testing services. This is especially useful in providing an independent view of during system proving.
The testing services can be either "Black Box" which assumes limited prior knowledge or "White Box" where there is full application knowledge. For maximum effect a combination of both approaches is often used.
The scope of the testing services would include some or all of the following elements:
- Identify any non-essential functions that are exposed to users or other applications
- Monitor network traffic for transmission of information that could be used by an attacker
- Test for a range of typical vulnerabilities
- Test resilience to inappropriate data
- Review systems software for known security flaws
- Review the infrastructure implementation for secure operation
- Ensure that applications are not prone to "fail open"
- Assess the protection of sensitive information and administrative functions
Benefits
These testing services provideorganizations with:
- Independent, expert assurance that applications and processes are able to resist a range of attacks
- Comprehensive testing of bespoke applications by drawing on extensive security knowledge to devise potential threat scenarios
- Objective, independent and current knowledge of the security profiles of a wide range of commercial off-the-shelf (COTS) software and COTS-based applications
- Security expertise to advise on best practice security implementation and remedial work
advise on best practice measures and corrective action required to improve security deployment and integrity
- Confidence that system will be withstand concerted attacks
netlogx will also provide, as required, recommendations and guidance the development of hardened configurations that enable required functionality but have no unneeded features and capabilities, which will greatly improve integrity and resistance to attack.
|
