Our security testing services include penetration testing and manual code review. Together, these two methods achieve a more complete verification of your applications than either method alone.
Penetration testing is an example of black box testing in which we look at an application the same way an attacker does: from outside and with little knowledge of the internals. We first explore the attack surface of the application and then we test for common vulnerabilities. At the end we produce a report with all identified problems, explanations, and suggestions for fixing them.
Code review is an example of white box testing in which we look at the internals of the application: its code and configuration. This method finds problems that can easily go undetected through penetration testing because the scenarios are difficult to replicate.