Devfense protects your business from network infrastructure, website and application threats

Learn more (click tabs above)...

Devfense DNA combines the capabilities of our toolkit and experienced systems analysts to provide:

• Support for your business case for IT planning and budgeting
• Infrastructure-focused business analysis and process review
• Discovery, inventory and analysis of internal network infrastructure, platforms, servers and operating systems
• Systems health evaluation
• Supporting documentation to enable development of IT operations, policies and procedures

The benefits of Devfense DNA include:

• Comprehensive reporting of systems infrastructure and operations
• Improved productivity, enabling staff to make better use of current IT infrastructure.
• Information to assist in maintaining operational continuity and protecting your revenue stream.
• Proven methodology that allows for more timely assessment, with greater scope and detail than most organizations could conduct by themselves.
• Provides the benefit of advanced evaluation tools and skill sets without significant investment in people, hardware, or software.

DNA customers receive:

• An onsite inspection of facilities and IT environment
• A comprehensive, detailed report with presentations and executive-level highlights included.
• IT systems and topology diagrams
• Foundation data to enable follow-up Devfense NSA engagement

Learn more (click tabs above)...

Devfense NSA combines the capabilities of our toolkit and experienced security analysts to provide:

• Comprehensive interview with IT stakeholders
• Comprehensive security analysis against SANS (SANS Intitute top 20), OVAL (Open Vulnerability Assessment Language), CVE (Common Vulnerabilities and Exposures - MITRE), CVSS (Common Vulnerability Scoring System Threat Classification Standards)
• Vulnerability discovery and assessment of internal and external network infrastructure, platforms, servers and operating systems
• Penetration testing
• Forensic services
• Development of network security policies and network security awareness training

The benefits of Devfense NSA include:

• Identification of ways to reduce risks and associated opportunity costs from data security incidents
• Provides direction relating to risk exposure and regulatory compliance.
• Provides the benefit of advanced evaluation tools and security-oriented skill sets without significant investment in people, hardware, or software.

NSA customers receive:

• A report with details of remediation tasks prioritized according to risk and effort level. Areas covered are based on the ISO 17799:2005 standard, including:
  

  Remote Access, Access Control, Password Policy, Segmentation, Encryption, Data Classification, User Account Management, Patch Management, Network Disaster Recovery and Business Resumption Planning, Security Awareness, Backup Systems

• An assessment of IT policies and procedures
• Documentation of vulnerabilities and prioritized fix recommendations for critical systems

Learn more (click tabs above)...

Devfense WSA combines the capabilities of our toolkit and experienced web application security analysts to provide:

• Testing for common web application vulnerabilities and their attack variants such as those identified in the WASC (Web Application Security Consortium), OWASP (Open Web Application Security Project), and SANS (SysAdmin, Audit, Network, Security) Institute's top 20 – including:
  

  Cross site scripting (XSS), SQL injection flaws, Malicious file execution, Insecure direct object reference, Cross site request forgery, Information leakage and improper error handling, Broken authentication and session management, Insecure cryptographic storage, Insecure communications, Failure to restrict URL access, Improper Web Server Configuration, Session hijacking, Cookie Poisoning, Man in the middle attack, privilege escalation, clickjacking

• Devfense WSA can also scan for vulnerabilities found in many Web 2.0 applications such as Javascript, AJAX, SOA, Adobe Flash and dynamic websites that perform URL rewriting (such as IBM WebSphere).

The benefits of Devfense WSA include:

• Evidence for companies to prove to their customers and partners that their website or applications have been thouroughly checked for security compliance. This provides much more than just a security badge.
• A WSA comprehensive security report to provide expert recommendations on how to fix sites to ensure real security.
• a rapid way to identify application vulnerabilities that could lead to a data security breach
• Extensive information gathering and web application operation analysis research not available in SaaS offerings
• Comprehensive penetration testing with execution of tens to hundreds of thousands of attack variants depending on the application
• On-budget web security assessment and consultation provided quickly and accurately
• Web security experts ready to undertake vulnerability fixes, application hardening and disaster recovery planning

WSA customers receive:

• An executive summary presentation of findings, including slides for client use.
• A comprehensive security report that provides a detailed list of vulnerability fix recommendations, based on the consultants' findings through information gathering, penetration testing and other automated testing
• Additional fee for service consultation for internal IT resources or contracted PCIS web security tools and experts to remediate your application vulnerabilities
• A customized report detailing the specific security compliance regulations that apply to your organization. Over 40 different legislative and industry compliance reports are available.