Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Product Security Testing

Whether it's going to be an estate wide implementation, shopping for new security products or an internally developed solution, our product security assessment will help you to alleviate your security concerns 

Find out more
Get a FREE 30 min consultation

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

Introducing a new product to your environment may bring surprises, if considered without cybersecurity on the mind. This includes anything from a custom off-the-shelf software to the network products, security solutions. You must consider how a new product will stand up to an attack particular to your environment variables.

A few examples include evaluating new security software, VPN/mobile applications, smart devices and/or software. The overall goal is to find out product weaknesses , demonstrate the extent of threats posed and help our clients address those issues particular to their environment.

We have a dedicated security assessments FAQ section. Read it here.

Why you need Product Security Evaluation?

Product assessments help you to assess if product owners/third-party vendors have developed the product with security in mind. Any issues identified will help you to liaise with your vendors to help secure yours and their products.

Methodology

Communication & Debrief

We take customer communication as seriously as reporting or assessment execution. We engage with customers during all stages, and ensure that customer contacts are up to date in the language they understand. Post engagement, a free debrief is conducted to help the customers understand the weaknesses and prepare a mitigation plan.

Reporting

The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels. 

Business Logic Analysis

The business logic for the entire application must be reviewed. This is only possible after gaining an understanding of how the application behaves for different privilege levels. From the threat-modelling phase and the knowledge gained, our consultants will be in the position to exploit business logic level vulnerabilities that are often overlooked by the developers

OWASP Top 10 Checks

Our consultants would focus on the top 10 categories of attacks defined by the industry-standard OWASP. This includes:

  • Injection,
  • Broken authentication,
  • Sensitive data exposure,
  • XML External Entities (XXE),
  • Broken access control,
  • Security misconfiguration,
  • Cross-site scripting,
  • Insecure deserialization,
  • Using components with known vulnerabilities and
  • Insufficient logging and monitoring

Review Authentication Architectures

Authentication and authorization problems are prevalent security vulnerabilities. Most mobile apps implement user authentication. Even though part of the authentication and state management logic is performed by the back end service, authentication is such an integral part of most mobile app architectures that understanding its common implementations is important.

Web Server Analysis

Web server hosting of the application is also considered a vital component during this testing. A weakness in supporting infrastructure including the configuration of the webserver could lead to a slight compromise of the application hosted on it. 

Threat Modeling

This phase helps to evaluate the threats affecting the web application under the scope. The types of attacks and likelihood of these threats materializing will serve as a basis for risk ratings / priorities assigned to the vulnerabilities during the assessment. Gaining insight into the threats identified, will provide a direction to this testing.

Reconnaissance - Web

This is an important step towards gathering as much information as possible about the target application. This includes passively fingerprinting the CMS and obtaining data cached in Google about the technologies /web pages in use. Any data obtained during this phase helps plan the entire pentest properly

Do you want to find out how your new product will stand up to an attack?
Call Us Now

Why Defendza ?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants accredited by CREST standards for the last several years. Our experience shows that our clients are best served by giving them the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits

Call us for a FREE consultation
Call Us Now

Testimonials

"My experience to date with Defendza has been very positive, I look for a flexible, knowledable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

Excellent people to work with. Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Resources