If you're doing business on the Internet and have custom software running in the wild, then you are likely dangerously exposing yourself to the bad guys without knowing it. In most cases these vulnerabilities have yet to be discovered and exploited, but it's only a matter of time.
Every day we see new cyber-attacks in the news. Over and over again, good companies are permanently damaged because of an unknown and undetected vulnerability. Many of these vulnerabilities would be simple to fix, if only you knew about them. If you are running customized software in the wild, whether you are developing it in-house or outsourcing it, you are one hundred percent responsible for ensuring that it's secure.
Critical to developing secure software is having a secure Software Development Lifecycle (SDLC). For more information on how Gort can help you set up a Secure Development Lifecycle, see Secure DevOps with Gort.
Testing is an integral part of a Secure Software Development Lifecycle. On the front-end of the development lifecycle we employ automated unit testing, regression testing and Static Application Security Testing (SAST), which is a pure white-box test that scans the application source code looking for security flaws in its design or implementation.
On the back-end we perform usability testing to ensure that the system adheres to the design specifications, automated Dynamic Application Security Testing (DAST), and penetration testing.
The difference between DAST vulnerability scanning and penetration (pen) testing is that DAST is an automated scan that employs sophisticated rule sets, while pen testing consists of a team of dynamic web application experts who methodically pore over an application's interface, looking for common design and implementation mistakes that provide an unintended entry point into the system.
Gort consultants are experts at penetration testing. We thrive on breaking software, but since we're good guys, we use our power for good rather than evil. We can work with your technical teams to set up an isolated penetration testing environment. Then, using the same techniques that attackers do, we will expose flaws in your software so that you can fix them, hardening your Internet-facing enterprise data systems.