Script kiddies rely on automation;
Unlike many competitors in the industry, we treat automated testing as only the beginning of our process; it is followed by extensive manual testing. The fundamental problem with automation is that it is prone to false positives (e.g., incorrect findings) and false negatives (e.g., missing critical areas of the application, lack of context, chained exploits, and more). Our expertise in the area takes our offerings beyond the sledgehammer approach and explores the opportunities available to more advanced attackers.
A significant differentiator is that Packetlabs’ consultants develop a threat model of your application and take the time to understand its overall purpose and the components that interact with sensitive information or functionality. This approach enables a real-world simulation of how an attacker will target your application and offers significantly more value. Only after thorough analysis do we begin attempting to manually compromise each layer of defence within the environment.
Our application security testing is guided by an enhanced version of the OWASP testing methodology. The following issue types will be examined:
What We Deliver
At the completion of this service, we draft a detailed report, including an executive summary, outlining the overall state of the application and our technical findings coupled with recommendations. Attacks involving multiple exploits are documented in a narrative to outline how an attacker could chain vulnerabilities together in order to compromise your application. Putting the pieces together, we perform root-cause analysis and provide both tactical and strategic recommendations.