TrustFoundry Core Services

TrustFoundry focuses on helping our customers identify and efficiently eliminate risks to their organizations. We offer the following services and tailor them to fit your individual needs.

Application Penetration Testing

  • Effectively identify security flaws in today’s applications
  • Combine manual testing techniques with automated tools to thoroughly and efficiently identify vulnerabilities
  • Exposes numerous significant business logic flaws that the best automated scanners cannot detect. Industry studies conclude that correctly-configured automated scanners discover less than half of application vulnerabilities
  • Access to application environment and source code required

Secure Code Review

  • Identify vulnerabilities by analyzing source code of application
  • Combine manual analysis with automated tools for comprehensive and efficient identification of vulnerabilities
  • Can be conducted with our without access to application environment
  • Access to source code required

Source Code Assisted Application Penetration Testing

  • Identify vulnerabilities in an application, leveraging the source code during penetration testing
  • We recommend application penetration testing with access to source code, as this is almost always the most effective means to identify vulnerabilities
  • Access to application environment and source code required

Web Application Scanning

  • Identify vulnerabilities using a custom-configured automated scanner augmented by manual validation of detected results
  • Automated-only scanning has limited effectiveness due to increasingly¬†complex technologies in use

iOS Penetration Testing

  • Assess the security of iOS applications to identify vulnerabilities and determine associated risks
  • Typically includes testing of the API with which the iOS application communicates

Android Penetration Testing

  • Assess the security of Android applications to identify vulnerabilities and determine associated risks
  • Typically includes testing of the API with which the Android application communicates

Secure Code Review

  • Identify vulnerabilities in mobile applications through detailed source code analysis
  • Manual analysis and automated tools are leveraged to ensure thorough and efficient identification of vulnerabilities
  • Can be conducted with our without access to application environment
  • Access to source code required

Source Code Assisted Mobile Application Penetration Testing

  • Identify vulnerabilities in a mobile application, leveraging the source code during penetration testing
  • We recommend mobile application penetration testing with access to source code, as this is almost always the most effective means to identify vulnerabilities
  • Access to mobile application, application environment and source code required

Network Security Assessments can be performed on specified IP addresses, domain names, or can simulate an attacker through asset discovery given only the organization name

Network Vulnerability Scan

  • Identify potential vulnerabilities through automated testing against an internal or external network

Network Vulnerability Assessment

  • Identify potential vulnerabilities through automated testing against an internal or external network, including manual validation of all detected results

Network Penetration Testing

  • Identify and attempt exploitation of potential vulnerabilities on an internal or external network
  • Penetration testing is typically goal based, meaning TrustFoundry will attempt to access targeted sensitive data, resources and assets

Email Social Engineering

  • Attempt to influence users to click on malicious links or attachments, or follow other instructions utilizing targeted emails
  • Capable of simulating an actual attacker by serving malicious payloads of our design to bypass antivirus, or simply track clicks
  • Email addresses may be provided, or can be obtained during information gathering

Phone Social Engineering

  • Attempt to influence users to provide sensitive information or follow other instructions utilizing targeted phone calls
  • Phone numbers may be provided, or can be obtained during information gathering

Attack Simulation

  • Simulate attackers with various levels of sophistication attacking your organization using a combination of some or all of the above techniques
  • Goal based approach, meaning TrustFoundry will attempt to access targeted sensitive data, resources and assets

Wireless Security Assessment

  • identify insecure network configurations which threaten your environment through on-site testing
  • Goal based testing attempts to access targeted sensitive data, resources and assets

Hardware Penetration Testing

  • Determine impact of physical access through evaluation of physical devices
  • Assess physical protections such as locks
  • Assess physical access such as USB Ports and removable hard drives
  • Low-level analysis may be performed to simulate an advanced attacker attempting to extract sensitive information from embedded systems

Physical Security

  • Evaluate the security of a location
  • Assess access controls and security awareness of the organization
  • Goal based approach, meaning TrustFoundry will attempt to access targeted sensitive data, resources and assets

Threat Modeling

  • Evaluate solutions and determine which attack vectors would lead to sensitive access
  • Provide actionable intelligence and answer the question: “What could go wrong?”
  • Evaluate both highly technical systems and non-technical business processes
  • May be conducted at time of solution design, or after solution implementation

Security Training

  • Provide employee training solutions for non-technical and developer audiences which address your organization’s security concerns
  • Affect positive changes in end user behavior
  • Design curriculum individually to address and solve your organization’s specific security concerns
  • Training on tools, techniques and processes
  • Security awareness training to combat social engineering attacks

Security Software Development

  • Design custom solutions to solve your organizations security concerns
  • Security-focused software development, implementing security throughout the SDLC

TrustFoundry Statistics

0 Years
Penetration Testing Experience
0
Assessments Delivered
0%
of Breaches from Web App Attacks
0%
Focused on Information Security
Contact TrustFoundry Today

Looking for proven professionals in the industry?

TrustFoundry has successfully worked with both Fortune 100 enterprises and small startups in a large variety of areas.
Contact TrustFoundry Today