Application Security

Our extensive experience in forensics has shown us that poorly developed web applications and payment systems are the leading cause of intrusions and loss of sensitive data.  Prometheus Global brings its extensive expertise in application security, coupled with our real world forensics and incident response expertise to bring your real world solutions to application security problems. Unlike ivory tower companies, and pure compliance firms we know what works in the real world because we're the company called in to remediate intrusions. We can not only find the problems, but we can offer scalable and cost effective solutions from code fixes, to virtual patching, to system isolation to risk management.

Application Testing

Our application testing process helps you to identify weaknesses and vulnerabilities in your applications and to identify the remediation methods that will work for your business. Our testing methodology simulates the methods real attackers utilize. Some of the vulnerabilities we test for include:

  • Improper Client Session Handling
  • Parameter Manipulation
  • Buffer Overflows/Underflows
  • Dangling Pointers
  • Race Conditions
  • Weak Encryption Handling
  • Insecure Input Validation
  • Insecure Output Encoding
  • Ineffective Redaction
  • Weak Input Controls
  • Insecure and Broken Access Control
  • Insecure Error Handling
  • Information Disclosure
  • Injection Attacks (SQL, SSI, LDAP, XPATH, XML, RPC)
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Parameter Tampering
  • Command Execution and Meta character Attacks
  • Session Hijacking
  • Logical Attacks
  • Information Leaks
  • Mis-Configuration vulnerabilities

Code Review

As part of your application security review we can also perform a code review. Prometheus Global was founded by pioneers in the field of application security, founding one of the first firms to develop technology to perform static code reviews. Our expertise is unparalleled, we have been performed code reviews since the beginning of the field. Our code specialists will work with your development staff to not only find security issues, but also to improve the development process and fix your security problems in a secure, scalable and cost effective manner.

The Prometheus Global Difference

After completing an application assessment our customers not only fully understand the vulnerabilities and weaknesses in their applications, but also how to fix those problems. And with our remediation services, we can take care of that for you. From start to finish, we can secure your applications.