Security Testing

In today's world, the number and variety of threats to IT systems are multiplying daily, as is the number of security products and services to address them. Businesses that trade electronically are particularly vulnerable to risks such as fraud or breaches of confidentiality, causing loss of assets and damage to their reputation. For these companies, information and transactions need to be protected by means appropriate to their value and their potential for consequential loss.

Pyramid Security Services address the numerous mission-critical information security challenges faced by our enterprise clients throughout the world. Our approach is to help you build in security right from the start. Working with you throughout the different stages of your IT business change cycle, we assist with the early identification of security threats through code reviews, functional security tests and vulnerability checks. For existing systems, we can provide independent technical design and implementation reviews, followed by a detailed testing cycle to ensure the system is secure when operational.

Pyramid is the ideal partner to ensure the systems you implement support the security needs of your business in a comprehensive and robust manner.

Security Services Summary

Software security has two major aspects. From the outside, security centers on stopping unauthorized access into the system. From the inside, security is about retaining confidential information within the system. PYRAMID addresses both these issues with two complementary Security Testing services. Our Web Application Penetration Testing service starts from the outside and evaluates the security of your web applications from the perspective of an attacker. The Security Code Review service takes the viewpoint of the system architects and developers and promotes a security awareness approach from within.

Web Application Penetration Testing (WAPT): WAPT addresses the security risks inherent in placing applications on the internet. The major risk that the internet brings is the possibility that unauthorized users will maliciously gain access to your systems and cause direct or collateral damage to the systems and your organization. PYRAMID offers two levels of WAPT to militate against this.

There is the WAPT Essentials service. This is designed to provide a rapid evaluation of your web application's security. The WAPT Essentials service is ideal if the application has not been subjected to any other security testing and has already become operational.

PYRAMID would typically perform penetration testing on four user-identified URLs using the Open Web Application Security Project (OWASP) Top Ten vulnerabilities list. A broad range of companies and agencies around the globe are using the OWASP Top Ten, so it represents a broad consensus about what the most critical web application security flaws are.

For those organizations needing a more in-depth cycle of security testing and detailed analysis of the test results, we also offer the WAPT Advanced service. As part of the WAPT Advanced service, vulnerabilities are determined across areas including, but not limited to, the end-to-end environment and the web application. The Pyramid WAPT services are delivered through our Security Center of Excellence. Here, we address the most important mission-critical information security challenges.

Security Code Reviews: Information security may be about securing your confidential data, but the data does not go anywhere until it is processed by the application code. The code is where security defects originate. Like all defects, the further from the point of origin you go, the more difficult and expensive it becomes to detect and remove them.

Research continues to show that code reviews are a significantly more cost-effective testing solution than traditional dynamic black box testing. This is why Pyramid has developed our unique and innovative Security Code Review service.

Pyramid has built a skilled research and innovation team comprising Technical Architects, Security Domain Specialists, Project Managers and others to put together a pragmatic framework for doing Security Code Reviews.

The results of the Security Code Review are a set of review reports tailored to the relevant stakeholders. In particular, all relevant technical information is made available to the IT stakeholders and an Impact Assessment is produced for the business stakeholders. A Security Code Review will return significant value as critical security defects will be identified. Removing these defects will give greatly enhanced protection against intrusion, information loss and collateral damage to your business.