Freelance Application Security











Security Smith, LLC is a boutique security consulting company out of the beautiful Pacific Northwest. We specialize in providing high-quality web application security testing and consultation. The owner, Andrew Luke, has a background in application security engineering, network and web application penetration testing, and IT operations.

Security Smith was started as a way to meet the high demand for quality web application testing and the low supply of consultants with the knowledge and passion required to meet that demand. Our goal is to bring gaps in your web application's security to your attention and assist you in remediation with specific guidance that fits your situation and infrastructure.


Web Application Testing

A security-focused test of a web application, API, or mobile application. Testing can be performed from a white or black box perspective. Black box testing is intended to simulate an attacker without inside knowledge of the application or API. White box testing typically involves a combination of source code assisted testing, architecture review, and increased interaction with developers. In both cases, testing includes authenticated and unauthenticated testing contexts. Classes of vulnerabilities evaluated and tested include: authentication, authorization, session handling, input validation, data protection at rest and in transit, and injection.

Code Review

A security review of the source code for a web application or API. Code review allows for a more comprehensive security assessment when compared to black box testing. Focus points include: entry-point logic, authentication logic, authorization logic, session management logic, communication security, secret key management, input validation and sanitization, output encoding, direct-object references, and issues that may pose a denial-of-service risk.

AWS Cloud Security

There are many components that make up AWS. Security testing and audits can be performed on individual components or your entire AWS environment. For example, S3 bucket penetration tests can be performed to ensure private buckets are properly configured and public buckets are not overly permissive. A more comprehensive evaluation is an audit of your AWS environment based on the Center for Internet Security AWS Foundations benchmark.


Contact Me

Feel free to contact me for anything from business inquiries to security questions using the methods below, or fill out and submit the form.

Twitter: @Sw4mp_f0x

