Security Code Review

After years of neglecting Information Security, many organisations have now opened their eyes and have started hiring external security consultants to test their applications. These consultants typically come in for a few days every year and test the organisation’s web applications. They produce a report, which is then acted upon (or not, as happens in many cases), and the matter is considered closed until the next year.

A false sense of security

The typical black box penetration test scenario described above gives organisations a false sense of security. Yes, these attacks simulate the behaviour of a real attacker. But they do not go deep enough. Have you ever asked yourself why year after year consultants keep finding new issues in applications which haven’t evolved much? Or why some consultants find a lot more vulnerabilities than others?

Our difference

At Agile Information Security, we specialise in white box application testing and code review. We couple the typical hacker simulation with an in-depth review of your code using automated tools and manual checks. If there is a vulnerability in your application, we will find it, as we have done in dozens of proprietary and commercial applications. A typical security code review combined with a penetration test will find at least 50% more vulnerabilities than a penetration test alone.

Penetration Testing

Our consultants have accumulated years of experience performing penetration tests on applications. We simulate an attack on your application in various ways, as a real hacker would.

Black Box Penetration Test

Our most basic service, and the one most commonly offered by security consultancies. We probe your application’s defences from the outside and attempt to subvert its controls, bypass its business rules of operation and take control of it.

White Box Application Test

A much more comprehensive service than the Black Box test. We perform the same tests but couple them with a “lightweight” code review. We review your code for the most common security vulnerabilities, such as Cross Site Scripting, SQL Injection, Code Execution, cryptographic problems and many others. This is the service we sell the most, and a way to get very quick “wins” if you are trying to improve your applications’ security stance. It is also the method we use to find many vulnerabilities in proprietary and commercial software.

If you would like a more thorough and complete code review to find up to 100% of all the vulnerabilities in your code, we also have a service for that.

Specialised services (Reverse Engineering and Fuzz Testing)

We also provide a range of more specialised services that can assist you in finding vulnerabilities. We are experts in fuzzing technologies and in reverse engineering. Lost the source code for an old application and need to interact with it? No problem. Need to perform security testing on a third-party product? No problem!

AGIS Find n' Fix

Many organisations simply do not have the expertise to find security problems, which is why they hire external consultants. But what if your developers do not have the experience or the knowledge necessary to fix security problems? Or what if you believe a security vulnerability was fixed… only to find the year after that your application is still vulnerable?

A unique service for startups and SMEs

We have the expertise to provide a unique find-and-fix service. We find vulnerabilities in your application, and we provide the code patches and guidance necessary to fix them. We then follow up with you to verify that the vulnerabilities have indeed been fixed, and re-test your application to confirm this.

Contact us today to find out how we can help you.