Services

Services Overview
Our team of highly skilled and specialized consultants perform the difficult offensive security tests that go beyond in-house testing.
Learn More

Application Security
Penetration testing of your mobile apps, web apps and thick clients. We also provide API security testing and application security code review.
Infrastructure Security
Identify critical network vulnerabilities through External/Internal Penetration Testing, PCI Penetration Testing, Wireless Penetration Testing, Cloud Security Assessment and Remote Access Penetration Testing.
Adversarial Simulation
Uncover organizational weaknesses through Red Team, Purple Team, Social Engineering, Threat Emulation and Threat Hunting.
Device Security
Identify medical and embedded devices in an IoT-enabled environment and test critical hardware technologies to locate vulnerabilities and security-related issues.
Strategic Services
Utilize the years of experience and deep industry knowledge of our team of security consultants for AppSec Program Management and Developer Security Training.
Cloud Security
Assess and protect your cloud data, applications, and infrastructure in all cloud environments, including AWS, Google Cloud, & Microsoft Azure.
Process
- Process Overview
- STEM Methodology
About Us
Blog
Careers
Contact Us

Blog

CBSSports.com Horizontal Access Control Bypass (Trading Block)

Summary=========The CBSSports.com fantasy sports sites did not properly enforce access control between user accounts at the same privilege level within the application. This behavior could be leveraged by an attacker […]

UFC on Xbox LIVE for Android – Cleartext Storage of Sensitive Information

Summary=======The UFC on Xbox LIVE application for Android (version 1.0) stores sensitive information in cleartext within the SQLite database. CVE number: Not AssignedImpact: MediumVendor homepage: http://www.microsoft.com/Vendor notified: 12/13/2012Vendor fixed: N/A – […]

HelpBridge for Android – Cleartext Storage of Sensitive Information

Summary=======HelpBridge application for Android (version 1.0.2) stores sensitive information in cleartext within the SQLite database. CVE number: Not AssignedImpact: MediumVendor homepage: http://www.microsoft.com/Vendor notified: 12/13/2012Vendor fixed: 4/15/2013Credit: Christopher Emerson of White […]

MSN World 1.4.2 for Android – Cleartext Storage of Sensitive Information

Summary=======MSN World application for Android (version 1.4.2) stores sensitive information in cleartext within the SQLite database. CVE number: Not AssignedImpact: MediumVendor homepage: http://www.microsoft.com/Vendor notified: 12/13/2012Vendor fixed: 1/30/2013Credit: Christopher Emerson of […]

My Xbox Live 1.0 for Android – Cleartext Storage of Sensitive Information

Summary=======My Xbox Live application for Android (version 1.0) stores sensitive information in cleartext within the SQLite database. Microsoft was originally notified of this issue November 29, 2012. The details of […]

Microsoft Lync Server 2010: Remote Code Execution/XSS – User Agent Header

Summary==========Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. Microsoft was originally notified of this issue December 11, 2012. The details of this […]

CVE-2012-5868: WordPress 3.4.2: Sessions Not Terminated Upon Explicit User Logout

WordPress 3.4.2 fails to invalidate a user’s sessions upon logout.