Application Assessments
RedSquall employs domain experts to tackle your application security needs. Securing your product from threats and protecting your customers is our priority for these assessments.
Web Applications
Protect your customers and your brand by identifying vulnerabilities within your application. Our engineers will review your source code, identify real issues, and demonstrate novel attacks.
Typical Findings
- Insufficient authorization checks allow customers to access each other's data
- Improper input validation leads to classic attacks like SQL Injection and Cross-Site Scripting
- Insecure coding practices in use, such as hard-coded credentials, improper use of cryptographic functions, and enabled debug code
Mobile Assessments
Mobile assessments involve Android/iOS applications and the APIs they communicate with. RedSquall leverages source code analysis and manual testing techniques to identify abuse cases that could lead to account compromise or loss of customer data.
Typical Findings
- Insufficient authorization controls implemented in APIs
- Mobile applications use insecure methods of storing cryptographic secrets
- Mobile device logs leak sensitive information
- Applications vulnerable to MiTM attacks
Our Process
First, we work with you and your team to understand your requirements. Whether your assessment is driven by compliance, internal policy, best practices, or customer-specific requests, we can support it.
We work with you to choose the best assessment methodology to fit your requirements and budget. Much of our testing leverages the OWASP ASVS framework; however, we understand that identifying real issues is both an art and a science. Our team will combine ASVS with customized testing scenarios unique to your product to maximize coverage.
During Testing
We collaborate with your engineering teams in real time using whatever messaging service you prefer. As findings are generated, you are immediately alerted and provided with reproduction steps to remediate the issues quickly. Our team will retest findings as you fix them throughout the assessment.
Delivery
The assessment concludes with a detailed report articulating your product's security posture and the vulnerabilities discovered. Each finding includes reproduction steps and recommended remediations specific to the issue. Finally, the team will present our findings to your stakeholders and deliver your report. Customized reports designed for customer consumption are available upon request.
If you choose to conduct a retest of all findings after you have completed remediations, RedSquall will verify that your fixes worked and provide an amended report detailing the updated security posture of your product.