Some of the most common security breaches are the result of improperly configured application, flaws in application code, and application test systems. This applies to both externally (Internet facing) and internally positioned applications.

It is common for us to identify application security flaws when performing penetration tests and a natural progression is on console code audits or reviews. This process involves one or more of the following:

• Direct review of the configuration of the operating system applications are running on which results in an "as is" report;
• Detailed recommendations on how the operating system should configured and how to harden the environment;
• Direct review of application code, in it's un-compiled stated, to determine if code is security deficient;
• Detailed and in most cases, step by step instructions on how to resolve security flaws or vulnerable code; And,
• Direct review of SQL servers including Microsoft SQL, Oracle, and MySQL database configuration and the operating systems they run on.

ParaLogic can provide an example of the above by providing you with a "cleansed" version of a recent report. This will give you an idea of the details you should expect if you choose to have ParaLogic review your existing or "in development" applications.