Security Testing Services
SaM Solutions provides QA security testing as an established continuous process. The aim of software security testing services is to protect the software against unforeseen actions that may damage the functionality of the system.
SaM Solutions has extensive expertise to apply different testing strategies and techniques based on risk level and requirements in every particular case. Our highly qualified experts conduct an analysis to determine what security testing solutions are important in a particular case to achieve the best result.
DOMAINS
Web applications security testing is our core area of expertise. However, we also work with mobile, desktop, system and embedded software. Our team successfully completed projects within business domains such as:
- Cyber Security
- Supply Chain Management
- eCommerce
- Intellectual Property
- Mortgage
SECURITY TESTING METHODOLOGIES
- WHITE BOX — Software testing method in which the tester knows internal structure, design and mechanism of the application.
- GREY BOX — This is a combination of white-box testing and black-box testing based on limited knowledge of the internal details of the program.
- BLACK BOX — This is a technique supposing testing of the functionality of software without going deep into its code and structure.
TYPES OF TESTING
Available testing options will span from fully automated techniques using industry standard security testing tools and SaM Solutions know-how self-created instruments to apply in-depth manual testing. By choosing our company, you can be sure that we will fit in your particular needs and utilize best-of-breed tools with customizations that match your business needs.
| SOURCE CODE REVIEW Review of program’s source code with the purpose of finding security faults and fixing them before the application is sold or distributed. |
PENETRATION TESTING QA Simulation of software attack on a computer system that looks for security bugs, potentially gaining access to the computer’s features and data. |
| SQL INJECTION A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. |
XSS A code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. |
| CRFL INJECTION Injection of CRLF sequence into an HTTP stream, to get maliciously control the way a web application functions. |
VULNERABILITY SCANNING Automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. |
| TESTING AGAINST SENSITIVE DATA EXPOSURE Testing against access to information that must be protected from outside intruders. |
TESTING AGAINST SENSITIVE DATA EXPOSURE AND SECURITY MISCONFIGURATION Testing application, frameworks, application server, web server, database server, etc. for secure configuration. |
QA OF SECURITY SYSTEMS
SaM Solutions provides QA services to leading network security appliances vendors that operate under the highest international industrial environment standards. QA of Security Systems is an established process, which includes the following activities:
- Requirements analysis and defining test strategy and workflow
- Test planning and potential risks analysis
- Quality control procedures and acceptance criteria definition
- Functional and non-functional testing
- White-box and black-box quality control
- Acceptance testing and reporting
REQUEST A QUOTE
Is your request beyond the contact form? Prefer more personal communication? Send us an Email and we will get back to you as soon as possible!
Please, do not hesitate to share any of your ideas or demands with us. Clear-cut project requirements, a sketchy concept of a future software or any other concern, - we will help you address it, just let us know.
Scaling QA-Process to Ensure Uncompromised Quality of Expanding Palette of Industrial Security Products
SaM Solutions came on board as an independent software quality assurance partner offering end-to-end testing services, possessing decades of expertise with developing and testing firmware for network appliances based on Linux systems.
