Deny All Edge
Application Penetration Testing



Comprehensive
Cost-Effective
On-demand

Edge Application Penetration Testing Solution

DenyAll Edge Security provides comprehensive web application testing for your packaged, open source, in-house and custom applications.

• Industry’s first “Software as a Service” penetration testing for applications, network and compliance
• Manage compliance for ISO-27001, PCI, SOX, HIPAA & others
• Artificial intelligence based technology can simulate human hackers to find all possible attack paths in networks & applications

FEATURES *
• Covers all OWASP web application vulnerability classes & WASC 26 classes – total of over 200 000 tests
    o SQL Injections, Cross-site Scripting, Session Handling, HTTP Response Splitting, Stealth Commanding, Application Buffer Overflow, LDAP Injection, XPath Injection, XML/SOAP tests
• Specialized testing for emerging web 2.0 technologies
    o Testing for JavaScript, Adobe Flash, AJAX, Java Applets, ActiveX
• Business logic vulnerability verification
• Hybrid testing using automated scanning with expert analysis & validation
• Security expert validation & manual exploitation for critical vulnerabilities
• Flexible compliance reporting with effective prioritization of threats

    BENEFITS
    • On Demand: Schedule tests & view reports anytime using the on-demand portal
    • Comprehensive: Eliminates false positives & detects vulnerabilities otherwise missed in traditional testing
    • Cost-Effective: Easy subscription plans provide higher security ROI

    DELIVERABLES
    • Comprehensive Assessment Report with prioritized vulnerabilities and effective remediation recommendations
    • Delivery via on-demand portal or by encrypted email
    • On Demand Portal Access, which provides security posture & trend visibility

    HOW IT WORKS




    For further information or to discuss your requirements in more detail, please contact Deny All sales department
    on +33 (0)1 40 07 47 14 or by emailing sales@denyall.com

    *Features will vary between packages

                                                                                                      www.denyall.com
Edge PENETRATION TEST FEATURES – Depending upon the package you select, you get:

• On Demand secure portal access
• Automated web application testing
• Automated penetration testing
• Automated retest and verification
• Manual exploitation of critical vulnerabilities. Expert validation along with automated scanning
• Custom application tests

Authentication
• Brute Force
• Insufficient Authentication
• Weak Password Recovery Validation
• Web Server/Application Fingerprinting

Authorization
• Credential/Session Prediction
• Insufficient Authorization
• Insufficient Session Expiration
• Session Fixation

Client-side Attacks
• Content Spoofing
• Cross-site Scripting
• HTTP Response Splitting

Command Execution
• Buffer Overflow
• Format String Attack
• LDAP Injection
• OS Commanding
• SQL Injection
• SSI Injection
• XPath Injection

Information Disclosure
• Directory Indexing
• Information Leakage
• Path Traversal
• Predictable Resource Location

Logical Attacks
• Abuse of Functionality
• Denial of Service
• Insufficient Anti-automation
• Insufficient Process Validation

• Specialized testing for emerging web technologies
    o Testing for JavaScript, Adobe Flash, AJAX, Java Applets, ActiveX
• Business logic vulnerability verification
• Application denial of service defense verification
• Architectural vulnerability testing and verification
• Custom tests and manual exploitation for trust models
• Flexible compliance reporting for PCI, ISO 27001, SOX; effective threat prioritization
• Security expert consultation

High Performance Enterprise solution

This Security’s technology has won several global recognitions from Red Herring, Intel, UC-Berkeley, US Dept. of Homeland Security & others.

The security research team discovered vulnerabilities for the first time in the world in leading software products of Microsoft, McAfee, HP, Intel, IBM.

Deny All customers include large media, telecom, government, technology companies and banks.

Deny All is a member of the SAP Global Security Alliance, CLUSIF, OSSIR, and an Associate Member of the Liberty Alliance.

OUR PACKAGES

Package    For Websites                    Manual         Compliance   Business Logic   Proof of   Coverage
                                           Verification   Pack         Testing          Concept

Basic      • Small Size                    No             No           No               No         WASC 13
           • Less Complex
           • Low Attack Risk
           • Infrequent Code Changes

Standard   • Medium Size                   Yes            Yes          No               No         WASC 17
           • Complex Functionality
           • Medium Attack Risk

Premium    • Large Size                    Yes            Yes          Yes              Yes        WASC 24+2
           • Complex Functionality
           • High Attack Risk & Mission
             Critical
           • Frequent Code Updates

Find Deny All in the world on: www.denyall.com

Deny All resolves the content problem, the principal medium for attacks over recent years, with its range of proactive application control and flow acceleration solutions.

Contact
info@denyall.com
Tel: +33 (0)1 40 07 47 14
Fax: +33 (0)1 40 07 47 27
23, rue Notre Dame des Victoires
75002 Paris - France

				
DOCUMENT INFO
posted:7/13/2011
language:English
pages:2