About VSR

Virtual Security Research, founded in 1998 has been focused on providing quality information, network and application security consulting services. With clients in the financial services, service provider, retail and commercial software sectors, VSR demonstrates the risk / reward benefit to its clients by quantifying risk in business terms through its custom assessment methodology.

Virtual Security Research offers vast array of information security services including: application, product, network security assessments, incident response & forensic analysis and security advisory services. VSR also provides training in the areas of secure software development and incident response for clients who wish to promote in-house security awareness. The VSR competitive advantage includes a team of security specialists with niche focus areas including: application penetration testing, forensics & incident response, network protocol security, reverse engineering and cryptography. While each consultant is highly technical, consultants translate identified risks into business terms with recommended remediation strategies which align with client business models rather than recommending impractical or idealistic strategies which inhibit day to day business.

The team of security specialists has significant backgrounds in computer information security, with many of the lead consultants who possess more than 10 years of experience performing information security consulting. Members of the firm have and continue to conduct independent security research in leading commercial and open source applications and have been credited responsible disclosure of vulnerabilities identified throughout their research efforts. Many of the firm's security specialists have had prior affiliations at leading security organizations including @stake, Symantec and QinetiQ Trusted Information Management.

Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

XML Schema, DTD, and Entity Attacks

IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to POA

Timothy D. Morgan presents No Crack Required: Cryptanalysis in Real-World Applications at OWASP AppSecUSA 2012.


Contact us by phone,
fax or e-mail:

Phone: 617.933.8919
Fax: 617.933.8920
Email: inquiry@vsecurity.com