TrustFoundry Core Services

TrustFoundry focuses on helping our customers identify and efficiently eliminate risks to your business. We offer the following services and tailor them to fit your specific needs.

Application Penetration Testing

  • Effectively identifies security flaws in today’s applications.
  • Combines manual testing techniques with automated tools to thoroughly and efficiently identify vulnerabilities.
  • Finds a large number of business logic flaws that today’s best automated scanners cannot find. Industry studies have found that correctly-configured automated scanners find less than half of the vulnerabilities in applications.
  • Access to an application environment and access to the source code is needed.

Secure Code Review

  • Identifies vulnerabilities by analyzing the application’s source code.
  • Manual analysis and automated tools are used to thoroughly and efficiently identify vulnerabilities.
  • Access to an application environment and access to the source code is needed.
  • Access to source code required. Conducted with or without access to the application.

Source Code Assisted Application Penetration Testing

  • An application penetration test leveraging the source code to assist in identifying vulnerabilities.
  • When source code can be provided, this is our recommended approach; a penetration test combined with source code is almost always the most effective way to identify vulnerabilities.
  • Access to both an application environment and access to the source code is needed.

Web Application Scanning

  • Identifies vulnerabilities using a configured automated scanner and manual validation of vulnerabilities.
  • Automated approaches are limited in effectiveness due to increasingly complex technologies in use.

iOS Penetration Testing

  • Assesses the security of iOS applications to identify vulnerabilities and determine the risks that a mobile application presents.
  • Typically includes testing of the API that the iOS application communicates with.

Android Penetration Testing

  • Assesses the security of Android mobile applications to identify vulnerabilities and determine the risks that a mobile application presents.
  • Typically includes testing of the API that the Android application communicates with.

Secure Code Review

  • Identifies vulnerabilities by analyzing the mobile application’s source code.
  • Manual analysis and automated tools are used to thoroughly and efficiently identify vulnerabilities.
  • Access to an application environment and access to the source code is needed.
  • Access to source code required. Conducted with or without access to the application.

Source Code Assisted Mobile Application Penetration Testing

  • A mobile application penetration test leveraging the source code to assist in identifying vulnerabilities.
  • When source code can be provided, this is our recommended approach; a penetration test combined with source code is almost always the most effective way to identify vulnerabilities.
  • Access to both a mobile application, an application environment, and access to the source code is needed.

Network Security Assessments can be performed given a list of IP addresses, domain names, or we can simulate an attacker by doing asset discovery with only the name of a company.

Network Vulnerability Scan

  • Automated vulnerability scan conducted against an internal or external network to identify potential vulnerabilities.

Network Vulnerability Assessment

  • Automated vulnerability scan conducted against an internal or external network to identify potential vulnerabilities, including manual validation of all identified vulnerabilities.

Network Penetration Testing

  • Conducted against an internal or external network to identify and attempt to exploit potential vulnerabilities.
  • Includes attempted exploitation of identified vulnerabilities.
  • Penetration testing is typically goal based, meaning TrustFoundry will attempt to access specific sensitive data or other specified targets.

Email Social Engineering

  • Targeted emails attempting to trick users into clicking malicious links, attachments, or following other instructions.
  • Can simply track clicks, or TrustFoundry can serve malicious payloads that we design to bypass antivirus, to simulate an actual attacker.
  • Email addresses can be provided, or can be obtained during information gathering

Phone Social Engineering

  • Targeted phone calls attempting to trick users into providing sensitive information, or following other instructions.
  • Phone numbers can be provided, or can be obtained during information gathering.

Attack Simulation

  • Combines some or all of the above techniques.
  • Simulate attackers of various sophistication attacking your organization.
  • End goal is to obtain access to specified

Wireless Security Assessment

  • Identifies insecure network configurations which threaten your environment through on-site testing.
  • Goal based testing attempts to access specific sensitive data or other specified targets.

Hardware Penetration Testing

  • Evaluate physical devices to determine the impact physical access would have.
  • Assess physical protections such as locks.
  • Assess physical access, such as USB Ports and removable hard drives.
  • Low-level analysis can be performed to simulate an advanced attacker attempting to extract sensitive information from embedded systems.

Physical Security

  • Evaluates the security of a location.
  • Assesses access controls and security awareness of the organization.
  • Typically goal based, meaning TrustFoundry will attempt to access specific sensitive data or other specified targets.

Threat Modeling

  • Evaluates solutions to determine what attack vectors would lead to sensitive access.
  • Answers the question, “What could go wrong?”
  • Can evaluate both very technical systems and also evaluate business processes.
  • Can be conducted at design time, or after the solution has already been implemented.

Security Training

  • Provide employees and developers with training solutions that will help them solve your enterprise’s security problems.
  • Training over tools, techniques and processes.
  • Security awareness training to help combat social engineering attacks.

Security Software Development

  • Designs custom solutions to solve your enterprise’s security problems.
  • Security-focused software development implementing security throughout the SDLC.

TrustFoundry Statistics

0 Years
Penetration Testing Experience
0
Assessments Delivered
0%
of Breaches from Web App Attacks
0%
Focused on Information Security
Contact TrustFoundry Today

Looking for proven professionals in the industry?

TrustFoundry has successfully worked with both Fortune 100 enterprises and small startups in a large variety of areas.
Contact TrustFoundry Today