I provide advanced security assessments for web and mobile applications.
My test coverage includes (but is not limited to) checklists such as OWASP Top 10 and SANS Top 25 Software Errors.
Covering all functions of the application, from user enrollment through to administrative functions, I perform both automated tests with the best tools on the market and detailed manual tests.
Results of the automated tests are manually checked and false positives are omitted.
I perform risk assessments for each individual finding, based on the importance of the data asset at risk, the likelihood of discovery by attackers and the technical complexity of exploiting the weakness.
You always get very realistic findings, pinpointing where the risk lies, as well as detailed and applicable remediation recommendations. If preferred by the client, I also support the developers during the remediation phase, through meetings or email, to ensure that they understand the problem properly and create a robust fix. I also perform re-tests to ensure that the problem is solved completely.