• Book Demo

Third-Party Security Assessment and Auditing

Proactive Security Services for Staying Ahead of Threats

The services listed below can be conducted individually or combined to reveal how chains of vulnerabilities present paths of exposure across your environment. All services include reports documenting test procedures, details on confirmed security weaknesses, and remediation recommendations.

Comprehensive Penetration Testing

CORE’s Comprehensive Penetration Testing services mimic an attacker seeking to access sensitive assets by exploiting security weaknesses existing across multiple systems. This service identifies vulnerabilities and reveals how networks designed to support normal business operations can provide attackers with pathways to backend systems and data.

During the engagement, we begin by assessing your network or application infrastructure’s “weakest links” and other possible venues of attack. We then determine the ramifications of each compromise by attempting to escalate privileges on the entry points and pivoting to determine whether any other systems can be subsequently targeted and breached.

  • External or internal network tests to assess OS and services vulnerabilities
  • Client-side testing to assess end-user susceptibility to social engineering threats
  • Application penetration testing
  • Wireless penetration testing
  • Cross-vector testing to reveal attack paths across multiple infrastructure layers


Application Penetration Testing and Security Assessment

Our Application Penetration Testing and Security Assessment services can be employed to test your custom web applications as well as standard applications like antivirus, embedded applications, games, and other system applications. During application testing engagements, our consultants pursue the following goals:

  • Reveal security vulnerabilities resulting from implementation errors
  • Expose weaknesses stemming from the application’s relationship to the rest of the IT infrastructure
  • Assess application security versus attacks via multiple techniques
  • Identify security design flaws
  • Increase end-user confidence in the application’s overall security


Web Services Security Assessment

Many companies today provide cloud-based or web services-based solutions. With Web Service Security Assessment, we provide a comprehensive evaluation of the security posture of an application or solution based on Web Services technologies (e.g., SOAP or REST). Given the complexity of Web services-based solutions, this service is highly customized and incorporates manual testing performed by professionals with vast experience in Web Services assessments.


Source Code Security Auditing

During a Source Code Security Audit, our experts manually inspect the source code of your new or existing application for security weaknesses. This service includes:

  • Review of authentication, authorization, session and communication mechanisms
  • Identification of programming-related issues such as buffer overflows
  • Identification of input and output related vulnerabilities
  • Review of third-party libraries
  • Security validation of cryptographic functions and routines


Wireless Penetration Testing

We offer a wide range of Wireless Penetration Testing services, from security tests of standard corporate Wi-Fi networks to assessments of specialized wireless solutions. For corporate Wi-Fi deployments, we identify wireless exposures using techniques including information gathering, traffic sniffing, and authentication bypassing. We also offer custom research services and security evaluations for technologies including wireless IPS, wireless payment devices, and other solutions.


Leading-Edge Technology Testing

As leaders in security testing for leading-edge technologies, CORE Security Consulting Services can help you to understand the real degree of exposure in your complex technology solutions. Leading-edge Technology Testing services are customized to address your specific needs. Past engagements have included the testing of:

  • Encryption and anonymization mechanisms
  • Virtualized environments
  • Sandboxes
  • Cloud-based DLP solutions
  • Copyright protections
  • VOIP solutions


Next Steps

Request Info