WhiteBeam Security provides professional services to analyze and test the security of web applications. We offer passive and active code review as well as penetration testing services using a combination of industry standard tools and proprietary techniques to find exploitable vulnerabilities. Our reports are clear and complete and always include classification of the severity of vulnerabilities found as well as recommendations for mitigation or remediation.
Each web application testing engagement is tailored to the specific needs of the client and the characteristics of the application being evaluated. A typical assessment begins with defining the scope, followed by a kickoff session to confirm clear understanding of the rules of engagement. Tests authorized against QA instances, or optionally production instances, can be performed to confirm the exploitability of issues found in a code review. During a full penetration testing engagement, our testers are able to move laterally through systems and escalate privileges in order to understand the contextual impact and relative severity of each issue as they are documented. These issues are described in a written, comprehensive report, which is prepared and delivered at the end of the security audit. Finally, a close out session is held, where the findings can be discussed between affected teams and the testers.