VSR's product penetration tests help clients understand the impact that a third-party appliance or software product will have on the security of their network environment. Reviews can occur at any stage of a product's deployment, including during conceptual product design, product evaluation, preliminary roll outs, or after production deployment.
Our security professionals design and implement test plans based on the specific product and intended deployment scenarios. Test plans often cover several of the following areas:
- Design and implementation of custom network protocols
- Standard and custom cryptographic algorithms and implementations
- Known weaknesses in base platform software
- Unsafe deployment configuration or interaction with customer's environment
- Poor resource management
- Insufficient audit records or logging
- Vulnerability to well-known attacks such as: SQL injection, cross-site scripting (XSS), buffer overflows, and many others
- Weaknesses at trust bounaries between components or systems
During the remediation phase of an engagement, VSR's analysts often work with third-party product vendors to describe in detail any vulnerabilities identified in order to address the issues.