Network services are still a common entry point for attackers into enterprises. To help our clients secure their server software, we’ve assessed Internet-facing proxies, internal middle-tier RPC services, ProtoBuf servers, Java application servers, and many other server-side products across a variety of languages. We’ve assessed all of these types of applications in both full-access source code audit scenarios and black-box reverse engineering scenarios.
Include Security uses the latest static analysis tool platforms such as Brakeman/Fortify/PMD/IDA Pro to statically analyze source and binaries, identifying common server-side problems such as directory traversals, general memory corruption, stack-based buffer overflows, format string bugs, heap overflows, use-after-free, privacy issues/information disclosures, arbitrary file access, insecure local file system access, resource exhaustion, denial of service and more. Through dynamic analysis and fuzzing we are able to find vulnerabilities using frameworks such as Peach and Sulley, as well as proprietary application-specific fuzzing frameworks for SUN RPC, SIP, SOAP, ProtoBuf, and other protocols.
In addition to tool automation, we are able to take manual analysis to the next level and find esoteric, critical-risk vulnerabilities that other consulting companies fail to find. This is where we stand out from the rest.
Copyright © 2014, Include Security LLC.