Services


"We needed a solution for managing enterprise-wide deployments and customizations of Microsoft Office. Equiom came up with a very clever solution to the problem we presented, and delivered the complete implementation on time to meet an external deadline we had. Subsequently, we needed additional work done, and they were the first vendor we approached. Every dealing with them has been very professional, and they always exceed our expectations"

Andy Abbar, Director
Microsoft Corporation

Application and Infrastructure Security

Equiom's security practice helps your business map regulatory requirements to policies, programs, and strategies. We help you reduce risk and the cost and complexity of regulatory compliance. Equiom’s Certified Information Systems Security Professionals (CISSP) work hand-in-hand with our customers to protect their applications and infrastructure. Our services ensure that appropriate security controls are placed in the vital parts of application development and Information Technology (IT) processes. Our assessments uncover vulnerabilities, resulting in remediation for critical systems across multiple industries including banking, telecom, independent software vendors and embedded systems.

Secure Software Assurance

Software security is the number one issue facing the computer industry. A recent 2009 Forrester survey found that more than 62% of organizations experience a security breach per year due to exploitation of vulnerabilities in their critical software applications. Security spending is not immune to economic conditions, as 64% of organizations stated that while application security is important to them, they are struggling to meet the challenge on existing budgets. Exploits are increasing, timeframes are shrinking, and the costs for resolving these issues are soaring. Producing software that is secure and resistant to attack has become mission critical for independent software product vendors and in-house IT groups. Equiom provides a series of service offerings designed to improve the overall security posture and reliability of applications.

Secure Design Review (SDR)

SDR provides an evaluation of the security-related features of an application before the application goes into development. The inputs include design documentation that identifies key components of the application, trust boundaries, data flow, entry points and privileged code. This offers software development teams the opportunity to remediate findings prior to deployment and rollout.

Security Assessment

Equiom evaluates applications and network infrastructure and provides a comprehensive assessment of information security needs for your specific business. You are presented with a security roadmap to fortify your information systems at minimum cost.

Fuzz-Testing

Fuzzing consists of randomizing legitimate data in order to identify failed input validation or inappropriate data. Fuzzing can be brute force, or crafted specifically for an application. It can be performed on HTTP and web service traffic, file formats, and APIs. A variety of fuzzing tools are available which can fuzz data in transit. For unmanaged applications, fuzzing can reveal critical vulnerabilities that could lead to a buffer overrun, which may crash the application or enable an actual exploit. And while buffer overruns are less of an issue for managed applications, fuzzing can still find issues such as information disclosure (on error conditions) and poor input validation.

White Box (Code Review)

Our experts work with your team to perform manual code reviews, complemented with static analysis tools, to identify common coding vulnerabilities hidden within application implementations. The service also provides proven guidance to help mitigate any identified vulnerabilities within the application implementation. Evaluation of architectural components, processes, use-case scenarios and code implementation also helps define the threats to an application and its assets. The deliverables from white box code reviews are integrated into the Software Development Lifecycle (SDL) task process.

Black Box Security Assessment

Our BlackBox security assessment (or Penetration Test) determines vulnerabilities in your application or infrastructure without access to the actual codebase. The assessment will consist of profiling the application and/or running system using a number of tools, profilers and techniques. A BlackBox security assessment is more likely than a pure code review to find broken business logic, weak authentication and authorization, and insecure communication. Profiling of an application's behavior at runtime can reveal unexpected behavior which a malicious user could exploit or use to discover unintended details about the application.

Grey Box Testing

Grey Box testing is a combination of traditional WhiteBox (code review) and BlackBox (penetration test) approaches. In a Grey Box review, we use both attack and penetration tools and knowledge of the source code to critically analyze the application for vulnerabilities. This provides the most effective and efficient means of reviewing the application. By combining the best aspects of both BlackBox and WhiteBox reviews, Equiom is able to minimize the discovery time that would otherwise slow BlackBox testing.

Deployment Review

During a deployment review, we evaluate production environments to ensure access controls and architectural issues conform to policy, standards and best practices. Ideally the review is of the production environment, but this is not always feasible. Reviewing the testing and beta environments can still provide a valuable roadmap to ensure that the production environment is adequately locked down. Deployment review ensures that the controls in place on the server match the impact of the application.

Secure Infrastructure Technology (IT)

Covering both wired and wireless networks, Equiom's secure infrastructure-level services will exceed your requirements for top-level security, including confidentiality, integrity and availability. Whether your need is for a secure development process, threat modeling, or validation of the security of software after development, Equiom’s Security team can help.

Penetration Testing

Equiom provides a variety of testing to determine if your business information systems are vulnerable to malicious attacks and malware. It is also a way to ensure that systems are protected at the highest level.

Wireless Penetration Testing

Our team of security experts can perform one-off security reviews of your wireless networks. With our software engineering expertise, we can put together a network management system that is DOD 8100.2 compliant. This includes establishing application policy, developing protection to mitigate denial of service attacks, assessing the risk and vulnerabilities, and recommending end-to-end protection schemes, including intrusion detection methodologies for the wireless system.

Security Awareness Training

Information security is an ongoing process where human factors remain the weakest link. Most "real life" network attacks are caused by end-users' lack of familiarity with how to best protect your company's information. Equiom provides education and training to your organization to increase awareness of the importance of securing valuable company data, and arms your people with practical tools to be part of the solution rather than part of the problem.