Web Application Testing

A security-focused test of a web application, API, or mobile application. Testing can be performed from a white-box or black-box perspective. Black-box testing is intended to simulate an attacker without inside knowledge of the application or API. White-box testing typically involves a combination of source-code-assisted testing, architecture review, and increased interaction with developers. In both cases, testing includes authenticated and unauthenticated testing contexts. Classes of vulnerabilities evaluated and tested include: authentication, authorization, session handling, input validation, data protection at rest and in transit, and injection.

Code Review

A security review of the source code for a web application or API. Code review allows for a more comprehensive security assessment when compared to black-box testing. Focus points include: entry-point logic, authentication logic, authorization logic, session management logic, communication security, secret key management, input validation and sanitization, output encoding, direct-object references, and issues that may pose a denial-of-service risk.

AWS Cloud Security

There are many components that make up AWS. Security testing and audits can be performed on individual components or your entire AWS environment. For example, S3 bucket penetration tests can be performed to ensure private buckets are properly configured and public buckets are not overly permissive. A more comprehensive evaluation is an audit of your AWS environment based on the Center for Internet Security AWS Foundations Benchmark.