Consultancy

Web Application Security Testing Consultancy

I offer web application security testing, vulnerability assessment and penetration testing on a consultancy basis. For a pre-agreed fee I can help you secure your applications, networks and servers, and close any security issues you may have before the bad guys find and exploit them.

Occasional Role for Many Applications

Most organisations, even those with significant IT resources, don't employ a security vulnerability tester, but they still need one from time to time. It's a role that is only needed every so often, such as when a new piece of software goes live, or is significantly revised. I fill this role for client companies of various sizes.

Specialised Skills

The people who write software will do their own testing, of course, but ultimately they're not the best people to have the final say on whether their product is secure or not. Security vulnerability testing is a specialised form of testing that most software developers aren't familiar with.

That, in short, is why so many systems get breached: the developers who write them, good as they may be at application development, are unaware of the sorts of mistakes they can make that can be exploited by someone wanting to gain access to the system and its data.

Consultancy Fills the Gap

I offer expertise in vulnerability testing and the tools used to perform it. I can advise on, and then conduct, the final stage of testing that an Internet-facing application needs. Such testing can range from half a day of ad-hoc probing through to a full and methodical pass of the entire system under scrutiny. I deliver reports describing what I tested and what conclusions I drew. I describe any vulnerabilities I discovered, both actual and potential, with guidance on why something might be a risk, and how it can be remedied or mitigated.

I tailor each test in a way that suits the individual client and their application. I work with most types of web environment, including PHP, ASP and Perl CGI as well as content management systems and AJAX frameworks. See the logistics page for an idea of how things work in practice.