Our Services

We perform Manual Penetration Tests. If an organization only hires a firm that uses automatic vulnerability scanners, critical items could be missed as automated vulnerability scanners often fail to pick up on more subtle security flaws. An experienced attacker may understand the context of the application and may figure out how to abuse its logic.

Penetration Testing

Most companies have their own set of cybersecurity tools––like anti-virus software, encryption codes, and vulnerability scanning––but how sure are you that these tools will be able to protect you in a real attack? Putting it in basic terms, penetration testing or pentesting involves a simulated real-world attack on a network or application. During the test, vulnerabilities are identified within your organization’s infrastructure and recommendations are made on how best to fix those weaknesses.

Vulnerability Assessment

The aim of Vulnerability Assessment is to discover security issues within applications or infrastructure the same way penetration testing does, but the major difference is that the vulnerability assessment does not attempt to exploit the vulnerabilities. During Vulnerability Assessment as much evidence as possible is recovered to support the finding, but this happens without attempting exploitation.

Red Teaming

As attackers become more sophisticated, it is important that organisations assess their capability to resist and respond to cyber-attacks based on an understanding of the key threats they face. Red Teaming goes further than just identifying gaps in your security practices and controls to prevent an attack; it can also provide valuable insights about your organisation’s capability to identify attacks in progress and remove them from the environment.

Web Application Manual Penetration Testing

Companies depend on web apps to handle their most sensitive information. With their growing complexity comes unforeseen security flaws and simple human error. This risk increases as web applications become more interconnected through the linking of APIs.

Mobile Application Manual Penetration Testing

Mobile is the new standard platform for application development, however, managing risk on these new devices is also a growing challenge as new app vulnerabilities are found every day.

Mobile application security testing provides a complete assessment of the mobile application which we perform for iOS and Android platforms.

Internal Penetration Testing

We recommend an internal network security assessment to all our clients who have sensitive information stored on their intranet or internal network, and prefer not to have them accessed by employees without proper roles or authorization.

Infrastructure Penetration Testing

Infrastructure security is a top priority for all IT managers. Organisations must be proactive in locating network vulnerabilities and resolving them, in order to prevent attacks that can cause system downtime, data loss, and damaged reputations. Whiteshield experts combine automated scans with manual techniques to find any vulnerabilities that may exist in your perimeter. We assess everything exposed to the internet, from web applications to employee portals.

AWS Penetration Testing Services

One of the largest challenges organizations facing these days is that certain parts of the applications are moving to the cloud, and managing application security risk has become a mission critical business objective. As penetration testing on the AWS cloud is unique, it brings its own set of security considerations. Some vulnerabilities are mitigated through Amazon’s security measures of course, but the complexity of these services leaves many companies exposed.

Source Code Review

Whiteshield provides code review services for our customers so they can detect and fix vulnerabilities in the web and mobile applications already at the development stage. We believe that the reason behind several security flaws is that the developers either ignore or they are unaware of all secure coding practices. Code review can help our clients fix basic security issues when it is still quick and easy to do so, and before any major damage has occurred. Unlike most companies we do not use automated solutions only to scan the code as these tools do not detect all security issues.

Reporting

We take pride in our penetration test reports as we believe that the reporting phase is probably the most critical part of your penetration test. Our pentest report has been designed efficiently in color-coded and graphical format to provide the flexibility necessary to satisfy all audiences ranging from upper management to technical staff including developers and system administrators.