We simulate application attacks that provide an attacker's perspective of the security of your systems.

We only work with local and experienced cybersecurity practitioners to help discover vulnerabilities in your application environment and assess the exposure they create.
Benefits-of-Cyber-Assessments

Benefits of an Application Security Assessment With Us

  • Cybersecurity assessments are solely what we do.
  • Over a decade of cybersecurity assessment experience.
  • Test critical application functionality or features of concern.
  • Our focus is on discovery of critical and high findings that pose maximum business impact.

Services we Offer

Delivering cybersecurity services such as web application vulnerability assessments and penetration tests within Canada:

Application Assessments:

We simulate attacks on your applications (web, API, mobile, point-of-sale systems, kiosks) by testing for flaws which can be leveraged by attackers to steal, leak, misuse or abuse sensitive information or services. We offer:

  • Vulnerability or penetration tests for custom-built applications
  • Authenticated or unauthenticated attack scenario perspectives
  • Using primarily manual techniques (and some automation, where applicable)
  • Using both dynamic analysis (DAST) or static analysis (SAST)
Application-Assessments
Application-Flaws

Some common application flaws we test for:

  • Identification, authentication and authorization flaws
  • Session management flaws (e.g. session hijacking)
  • Oauth 2.0 authentication vulnerabilities
  • Misconfiguration and deployment flaws
  • Integration misconfiguration flaws (e.g. third-party components)
  • Captcha bypass, 2FA bypass, rate limit bypass or WAF bypass
  • Insecure 'registration', 'remember me', or 'forgot password' functionality
  • Input or injection flaws (e.g. SSRF, command injection, HTTP parameter pollution)
  • Insecure design flaws
  • Flaws in payment functionality flows
  • Cryptographic misuses or errors
  • File upload vulnerabilities
  • Unintended application leakage from application usage or misuse
  • Client-centric vulnerabilities (e.g. XSS, clickjacking)
  • Business logic flaws and targeted edge cases
  • Account takeover and privilege escalation via chaining of multiple vulnerabilities

Our Process

We have a simple 3 step process to get started with our cybersecurity assessment services:

Step-1

Tell us your security needs

Via a virtual meeting we discover your business and your security needs, along with type of security testing of interest and potential scope. We will go over our general engagement approach, such as methodology, tooling, and possible attack scenarios and discuss how we may be able to help.

Step-2

We perform the work

This is where we perform the assessment, strictly within scope, using vetted tools and approaches, and being mindful of the operational impact on your environment. Many of us have previously held operations roles, so we understand that hitting systems too hard, triggering vast number of alerts, or locking out admins adds negative value. Depending on type of testing, we adjust our approach so as to maximize value, yet produce as safe a test as possible.

Step-3

We deliver a report and presentation

The final work product is a report with an executive summary and technical details discussing methodology, tooling, vulnerabilities discovered and attacks leveraged. The report will provide clear description of security risk, impact, and remediation steps. A final presentation is scheduled once you’ve had time to review the final report to discuss vulnerability findings.

Our Experience

Cybersecurity assessments are solely what we do. We are tool and vendor agnostic, so our recommendations are based on decades of best practices and not on sales team recommendations.

All of our practitioner only reside and have been trained within Canada. Have had extensive background checks and have over a decade of cyber security assessment experience. Not to mention additional experience as either security analysts, forensic analysts, or developers.

You will not find bait & switch tactics here, where the partners sell and juniors perform the work. Ultimately, you always know who is performing the work, and what you pay for is a higher quality assessment versus a premium sales experience with an overall lower quality assessment result.

We use industry best standards and frameworks for our testing:

OWASP-logo
NIST-logo
MITRE-Attck-logo
PTES-logo

We hold qualification such as:

OSCP-cert
OSCE-cert
CISSP-cert
GPEN-cert
GCIH-cert

Contact Us

150 King Street West, Suite 237

Toronto, Ontario, M5H 1J9

Canada

 

Questions? For a quick estimate or quote.

Email us at: 

 

Contact Us
Copyright © 2024 BaseSec Inc. All rights reserved.
Facebook-f Instagram Twitter