Application Assessments
In the past, the main target area for real world attackers was typically an organisations external infrastructure. Attackers might have exploited vulnerable or outdated public services, such as a MySQL server.
With most of the world using cloud hosting today, this is less of a threat and so, attackers have moved onto more sophisticated attacks.
Application testing is a broad term for a variety of testing areas.
Web Application Assessments
Grizzly is not an organisation that runs a scanner and provides the output in the form of a report. Whilst we can appreciate the importance of using scanners to catch low hanging fruit, you are not engaging with us to run scans. Grizzly will primarily perform a manual assessment on your web application to ensure the hard to find bugs are discovered, where scanners will never have the complete logic to dive deeply and find. We’re talking about high risk bugs like broken access control and improper business logic. We do run scans too though, so if you do want the low hanging fruit issues, we have you covered using commercial tooling to ensure that all types of issue are covered in our engagement.
From low hanging fruit to high risk deep rooted issues that a scanner will never find. Our experts have you covered so the real world attackers don’t.
Mobile Application Assessments
Mobile applications are quite often overlooked when it comes to security testing. They shouldn’t be though, as these applications commonly use organisations infrastructure, APIs and other resources that could lead an attacker to a data breach. Mobile application might also contain hardcoded credentials or they may leave a users device vulnerable to various other attackers that your organisation doesn’t want to be responsible for. In all cases we have you covered.
Grizzly recognise that the mobile application testing space is incredibly immature. It hasn’t particularly developed much at all over the last 10 years and so, this means that if an attacker focuses their exploits on this area, they have a good chance at succeeding.
You might wonder why this is the case? Well, honestly, it’s because testing mobile applications is quite hard. This is due to root and jailbreak protections, as well as certificate pinning, which we usually have to bypass first before even testing an application. Also, when it comes to testing iOS, Apple have made it so difficult for security researchers to conduct assessments and we have to constantly play catch up with them to beat them – many testers just don’t.
At Grizzly though, one of our main aims as an organisation is to provide our experts with bench time. Using this time, one of the things we do is keep up to date and due to that, you will always get the best mobile application assessment on the market.
Compiled Application Assessments
Compiled applications refer to programs that would be run on a computer. For example, if you opened the calculator application on your computer, this is an example of a compiled application. You probably don’t want to test that though.
Grizzly experts are well versed in assessing compiled applications and have a well thought out methodology to do so. We have tested very large applications used for freight tracking and business management, all the way down to tiny applications used for door alarm management.
Compiled applications are commonly overlooked when it comes to security testing. Many organisations use these applications on internal networks or may provide the application to remote engineers who go on-site with a corporate laptop. However, big issues can be found here as these compiled applications usually tie into an organisations internal infrastructure. If an attacker stole that remote engineers laptop, they might try to exploit the compiled application and this may lead them into the internal network and further lead to a data breach.
Don’t let this happen to you, we have you covered.