Security Testing
SaM Solutions provides security QA service as an established continuous process. The aim of security QA is to protect the software against unforeseen actions that may damage functionality of the system. SaM Solutions has extensive expertise to apply different testing strategies and technics based on risk level and requirements in every particular case. Our highly qualified experts will conduct an analysis to determine what types of tests are important in a particular case to achieve the best result.
DOMAINS
Web applications security testing – is our core area of expertise. However, we also work with mobile, desktop, system and embedded soſtware. Our team successfully completed projects within such business domains as:
- Cyber Security
- Supply Chain Management
- E-Commerce
- Intellectual Property
- Mortgage
SAM SOLUTIONS’ EXPERTS ARE USING DIFFERENT SECURITY TESTING METHODOLOGIES
- WHITE BOX - Soſtware testing method in which the tester knows internal structure, design and mechanism of the application.
- GREY BOX - This is a combination of white-box testing and black-box testing based on limited knowledge of the internal details of the program.
- BLACK BOX -This is a technique supposing testing of the functionality of soſtware without going deep into its code and structure.
TYPES OF TESTING
Available testing options will span from fully automated technics using industry standard security testing tools and SaM Solutions know-how self-created instruments to apply in-depth manual testing. By choosing our company, you can be sure that we will fit in your particular needs and utilize best-of-breed tools with customizations that match your business needs.
| SOURCE CODE REVIEW Review of program’s source code with the purpose of finding security faults and fixing them before the application is sold or distributed. |
PENETRATION TESTING Simulation of software attack on a computer system that looks for security bugs, potentially gaining access to the computer’s features and data. |
| SQL INJECTION A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. |
XSS A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. |
| CRFL INJECTION Injection of CRLF sequence into an HTTP stream, to get maliciously control the way a web application functions. |
VULNERABILITY SCANNING Automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. |
| TESTING AGAINST SENSITIVE DATA EXPOSURE Testing against access to information that must be protected from outside intruders. |
TESTING AGAINST SENSITIVE DATA EXPOSURE AND SECURITY MISCONFIGURATION Testing application, frameworks, application server, web server, database server, etc. for secure configuration. |
QA OF SECURITY SYSTEMS
SaM provides QA services to leading network security appliances vendors that operate under the highest international industrial environment standards. QA of Security Systems is an established process, which includes the following activities:
- Requirements Analysis & Defining Test Strategy and Workflow
- Test planning & Potential Risks analysis
- Quality control procedures & Acceptance Criteria definition
- Functional and non-functional testing
- White-box and black-box quality control
- Acceptance Testing & Reporting
REQUEST A QUOTE
Is your request beyond the contact form? Prefer more personal communication? Send us an Email and we will get back to you as soon as possible!
Please, do not hesitate to share any of your ideas or demands with us. Clear-cut project requirements, a sketchy concept of a future software or any other concern, - we will help you address it, just let us know.
Scaling QA-Process to Ensure Uncompromised Quality of Expanding Palette of Industrial Security Products
SaM Solutions came on board as an independent software quality assurance partner offering end-to-end testing services, possessing decades of expertise with developing and testing firmware for network appliances based on Linux systems.
