Black Box Penetration Testing
During black box testing, no information regarding the internals of the (web) application is provided. This approach allows the creation of realistic attack scenarios in order to better understand the underlying risks. During a black box penetration test, our researchers try to gather information on the internal operation of the application and identify vulnerabilities. The identified and confirmed vulnerabilities are classified according to the ease of exploitation by an attacker and the impact of a potential malicious attack.
When an application's source code is available, source code review is the most effective method of identifying vulnerabilities. Project Zero divides the code into logical segments and thoroughly investigates them for potentially vulnerable points that an attacker could exploit to cause damage to the application (and its users) or even to the infrastructure hosting it.
Our team can review projects of any size in the following programming languages:
Application: C/C++, Java, .NET, Python, Perl
Web application: PHP, ASP.NET, JS, Python, Perl
Mobile Application Security Auditing
The growing usage of smartphones and tablet devices has shifted software development towards mobile devices. As in every newly developing area, there is a lack of experience in tackling security issues, whether simple or more complicated. Security problems can be multiplied, especially when the devices have multiple connection capabilities (WiFi, GSM, CDMA, Bluetooth, NFC). Project Zero undertakes mobile application security audits of iOS or Android applications that your organization is using or developing.
Architectural Security Advice
The inherent security of an application is ensured more effectively when it is taken into account as a parameter during the first steps of its design. A secure architecture significantly reduces the cost and the time required for a project to go into production. The Project Zero team can help you identify risks at all stages of your development process and design a comprehensive security policy for your application.