Services offered by Red Security

By: Red Security  09-12-2011
Keywords: Security, web applications, web application

Web Application Security

We provide a thorough security examination of web-based applications. The objective of the service is to ensure that the application is securely deployed, configured and written with all security considerations in mind. Our focus is to identify all web-based vulnerabilities exceeding those covered by the OWASP Top 10, including, but not limited to:

  • Cross-site Scripting (XSS) of all types: reflected, persistent and DOM-based
  • Cross-site Request Forgeries (CSRF)
  • Remote Command Execution
  • SQL Injection of all types: blind and error-based
  • Directory Traversal
  • AJAX Insecurities and JavaScript Hijacking
  • Control-return Line-feed (CRLF) Injection and HTTP Response Splitting (HRS)
  • Weak Session Management
  • Privilege Escalation
  • Side-jacking
  • XML Manipulation
  • Session Fixation
  • Insecure Storage
  • Information leakage in public resources

Penetration Testing

Penetration testing simulates an attacker attempting to gain access to a specified target server or application. We provide Onsite and Offsite penetration testing services which may include Black Box, White Box or Crystal Box approach to the given task. A penetration test involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective.

Data Leak Testing

This test will help ensure no sensitive materials and prohibited data is leaving or entering your network.

Host Hardening Review

Our team can perform configuration and deployment reviews on a wide range of operating systems and devices, to ensure they are configured and deployed in line with industry best standards. This ensures that systems are running with the smallest attack footprint possible, are fully patched and configured in the most secure manner.

Security Training

Secure Coding For Web Applications

This course will teach attendees about the common vulnerabilities in web applications. The course will cover how these vulnerabilities can be located, exploited, and prevented through proper coding standards.

Web Application Testing

This course will allow internal security staff to gain skills and understanding of the processes used during a web application test. This will allow them to perform internal application reviews with a high level of confidence.

Managed VPN

We eliminate the need for your company to keep a full time IT around by leasing you our cutting-edge, high-availability VPN access servers for your road warriors and other company needs.

Secure Hosting Platform

We know how difficult and complicated to setup and secure your own servers, or worse – trusting your hosting provider. RED SECURITY has a dedicated team constantly monitoring and tweaking our Secure Hosting Platform.

Keywords: Application Security, Application Testing, Penetration Test, Penetration Testing, secure hosting, Security, Security Staff, Session Management, web application, web applications,

Other products and services from Red Security

09-12-2011

Secure Web Development | Red Security Consulting

Course Description This class is intended to teach application developers and architects the principles of secure application development and best practice defensive coding techniques. Common application vulnerabilities and weaknesses are explained along with techniques for avoiding and/or mitigating the issues. Sample Outline The following is a sample outline that includes the examples of the core topics covered in this class.


09-12-2011

Penetration Testing | Red Security Consulting

A penetration test involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective. We provide On-site and Off-site penetration testing services, which may include Black-Box, White-Box or Gray-Box approach to the given task. This test simulates a real-world attacker who has to study and learn about the target from public and proprietary sources.


09-12-2011

Training | Red Security Consulting

Red Security offers advanced training courses designed to teach techniques for testing application security and building secure applications. This course will allow internal security staff to gain skills and understanding of the processes used during a web application test. All of our courses include live demonstrations and interactive exercises to reinforce the concepts taught during the class.


09-12-2011

Applications Security Testing and Hacking

Course Description This training course is focused on teaching students how to both identify and exploit application vulnerabilities using the same techniques as professional application penetration testers and real-life attackers. Sample Outline The following is a sample outline that includes the core topics and example sub-modules taught during the class. Intended Audience Security Officers, Application Testers and Architects.