Product Spec Sheets

| Service | Description | Value | Cost Structure |
| --- | --- | --- | --- |
| Dynamic Application Security Testing | Automated testing and reporting with Burp Suite Enterprise. | Identify production security vulnerabilities, reducing time of exposure with comprehensive coverage. | Managed service for regular scanning as applications evolve over time, e.g., daily or weekly scanning. |
| Application Penetration Test | Manual investigation and creative hacking to identify unique vulnerabilities. | Security experts with years of experience identify vulnerabilities that scanners miss but malicious actors may find. | Individual contracts are offered as a managed service for periodic testing as applications evolve over time, e.g., quarterly or semiannually. |
| Static Code Analysis | Static code analysis (SCA) using various tools. | SCA assesses uncompiled source code to identify vulnerabilities early in the development cycle. SAST provides excellent mitigation advice and informs training programs. | Individual contracts are integrated into your development process for immediate, incremental scanning in agile environments. |
| Network Vulnerability Scanning | Automated scanning with a cross-section of security tools. Manual false-positive removal and reporting. | Identify security vulnerabilities, reduce the time of exposure, remove false positives through expert review, and make mitigation recommendations. Complements change control by identifying new devices within an IP range. | Individual contracts are offered as a managed service for regular scanning as environments evolve over time, e.g., daily or weekly scanning. |
| IT General Controls Attestation | Interview and evidence review utilizing industry frameworks, e.g., NIST CSF, ISO 27001/2. | Comprehensive view of security to align control maturity with business risk tolerance. Inform security investments and convey security to customers and partners. | Annual review with time and cost savings leveraging previous assessments. |
| Network Penetration Test | Manual investigation and creative hacking to identify unique vulnerabilities on internal, external, and wireless networks. | Security experts with years of experience identify vulnerabilities that scanners miss but malicious actors may find. | Individual contracts are offered as a managed service for periodic testing as networks evolve over time, e.g., quarterly or semiannually. |
| Social Engineering | A combination of phishing, vishing, and on-site social engineering that attempts to gain access to secure information and areas, helping train employees using real-world techniques. | Security experts with years of experience identify gaps in employee training and building security. | Individual contracts or offered as a managed service for periodic testing. |
| Security Staff Augmentation | Complement and scale existing IT resources to execute security program activities, e.g., perform internal audits, configure secure systems, author policy and standards, deliver monitoring and response services. | Jump-start security services without hiring commitments and expense. Evaluate personnel for full-time employment. | Quarterly engagements with optional contract-to-hire arrangements. |