Solving Your Complex Core Business Risks In An Innovative, Pragmatic, Cost-Effective Way

Assessment Services

The services listed in the table below are representative core capabilities. KoreLogic's team will work with you to determine and shape services to your specific needs, utilize your requirements to determine your business risk, and provide you with practical technical data, strategies, and remediation approaches that address your specific business objectives.

KoreLogic's seasoned consultants will leverage their depth of experience and will employ an approach that demystifies and translates the technical, social and political complexities of information security into understandable business needs.  

Service

Business Solution

KoreLogic Differentiators/Benefits

Mobile Application Assessment

End-to-end testing (mobile device-to-backend) to verify that sensitive data and service availability are protected.

Ensure that the business benefits of mobile applications do not expose the organization or its client base to the risk that comes with cutting-edge technologies.

One of the few security firms with mobile application security testing experience.

A proven track record of testing mobile applications for carriers, ASPs, and vendors.

Web Applications Assessment

Penetration testing of a web-enabled application for security weaknesses.

Penetration testing of the infrastructure supporting the web application (for example, network and host).

Ensure business partner requirements and client expectations for secure applications.

Help protect revenue-generating applications.

Extensive experience including designing customized tools developed from assessing over 100 business-critical Fortune 500 applications.

Limited reliance on automated scanners—We use proprietary and public domain tools that more accurately simulate a skilled attacker.

Security (Enterprise / Targeted) Assessment

Penetration testing.

Measure resistance of networks and systems to attack—Identify security flaws as they appear from outside or inside the security perimeter.

Testing to simulate how a skilled attacker would attempt a "no-holds-barred" attack to gain access to a network or to target data.

Structured network, host, VoIP, wireless, or any combination of technical security assessment services. 

Test the effectiveness of security measures and the detection and response capabilities.

Due diligence / Compliance.

Help confirm understanding of IT security risks.

Our engineers are considered among the best in the industry for pen testing—we have conducted over 200 penetration tests.

Our staff uses a combination of proprietary and open source tools that more accurately simulate methods used by a skilled attacker.

We identify vulnerabilities and their root cause (to reduce the likelihood that the vulnerability will re-emerge) and provide a plan for correction.

Security Assessment of 3rd Party Service Providers and Business Partners

Assessment of security practices and extranet infrastructure security testing.

Help ensure that corporate and client data is protected by the service provider.

Regulatory compliance.

Our engineers have performed dozens of assessments of ISPs, ASPs, and business partners.

Our expertise allows effective interaction with providers and partners to accurately gauge the maturity of their security practices and infrastructure and to flag areas of potential risk.

Product Security Assessment

Technical evaluation of product security strength in addition to the product's ability to detect attack vectors.

Determine product security strength prior to release.

Provide publishable independent assessment.

Product development "brainstorming" including critiques of new products, enhancements, etc.

Market intelligence regarding competing products provided there are no confidentiality or IP restrictions to doing so.

Performed this testing (on behalf of our clients, not the vendor) on a variety of security products (or products with robust security requirements) including Cisco, RSA (single sign-on), Foundstone, Google, and several IDS/IPS products. 

Analysis conducted by the same staff that performs security testing to detect/resist skilled attackers.

We are vendor-independent; our recommendations are unbiased.



Our team will work with you to determine and shape services to your specific needs, utilize your requirements to determine your level of business risk, and provide you with practical technical data and remediation approaches that address your specific business objectives. Our seasoned consultants will leverage their depth of experience and will employ an approach that demystifies and translates the technical, social, and political complexities of information security into data that your staff will understand and use.

KoreLogic Differentiators

Innovative
Best practices from KoreLogic's R&D and the team's real-world experience.

Winner of the 2006 File Carving Challenge at the 6th Annual Digital Forensic Research Workshop.

Experienced
Consultants average 12+ years of experience. Proven record of intrusion analysis in large and small scale architectures, ASPs, federal government and commercial entities.

Focused
Exclusive focus on information security services.

Expert Methodology
KoreLogic utilizes real-world proven analysis protocols ... We think like skilled hackers.

Presented "The Forensic Katana - Digital File Carving" Laboratory at the 2007 Computer and Enterprise Investigations Conference.

Client Relationship
High renewal - Strong references. We interact seamlessly with our clients' management, internal audit, legal and technical staff.

Objectivity
KoreLogic recommends what is best for the client—period.