The Ward Solutions Web and Application Penetration Test examines security weaknesses from the perspective of a hacker, exploiting issues with both the conventional and unconventional tricks and methods a typical hacker uses.
Our penetration testers' skills take the traditional vulnerability assessment one step further, removing the false positives often associated with vulnerability assessment and quantifying your true business exposure to the issues identified.
For example, if a SQL Injection vulnerability is identified in your application, our penetration tester will validate whether it is possible to identify and download critical database tables, and/or use this exposure to gain access into your Corporate Network. Through examples and screenshots, we present the results, providing you with a well-informed, true and accurate representation of your organization's security posture, along with detailed, specific steps to take to close the risk or reduce it to an acceptable level.
Ward Solutions Penetration Testers are highly experienced in this area and draw on the combined knowledge of our Secure Application Development, Security Assessment, and Network and Security Infrastructure Implementation Engineers. Using industry knowledge, we identify the typical shortcuts, insecure practices and misgivings deployed at both the application development layer and the underlying host, network and security layers.
Based on our experience, most of the exploits we uncover are at the application level, in customer-developed or off-the-shelf applications. Very often this is your organization's web site. Our experience is that most organizations have already deployed an industry-standard firewall and have locked down the firewall policy and external routers. The following provides a breakdown of where exploits are uncovered:

The Ward Solutions Web and Application Penetration Test focuses on both the applications and the underlying network architecture. In addition to the OWASP Top 10 Web Application issues, we test for all issues exposed from your security perimeter, using both conventional and unconventional methods. This leads to a well-informed, accurate and true view of your security posture. Source Code Review may also be included when examining an application. Penetration Testing is not only best practice but is also required by many government and industry compliance standards (e.g. PCI DSS).