CINXE.COM

Shielder - Application Security

<!doctype html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=description content="Shielder performs Web Application Penetration Test, Mobile Application Penetration Test with a White-Box and a Black-Box approach. To cover all the Application Security aspects Shielder performs Code Reviews and Security Trainings for Secure Coding too."><meta name=Copyright content="Copyright &copy; Shielder"><meta property="og:title" content="Shielder - Application Security"><meta property="og:type" content="website"><meta property="og:url" content="https://www.shielder.com/services/application-security/"><meta property="og:image" content="https://www.shielder.com//img/shield.png"><meta property="og:image:type" content="image/png"><meta property="og:image:width" content="558"><meta property="og:image:height" content="558"><meta property="og:image:alt" content="Shielder logo"><meta property="og:locale" content="en_US"><meta property="og:description" content="Shielder performs Web Application Penetration Test, Mobile Application Penetration Test with a White-Box and a Black-Box approach. To cover all the Application Security aspects Shielder performs Code Reviews and Security Trainings for Secure Coding too."><meta property="og:site_name" content="Shielder"><meta property="fb:app_id" content="1651492201761174"><meta name=twitter:card content="summary"><meta name=twitter:site content="@ShielderSec"><meta name=twitter:creator content="@ShielderSec"><meta name=twitter:title content="Shielder - Application Security"><meta name=twitter:description content="Shielder performs Web Application Penetration Test, Mobile Application Penetration Test with a White-Box and a Black-Box approach. To cover all the Application Security aspects Shielder performs Code Reviews and Security Trainings for Secure Coding too."><meta name=twitter:image content="https://www.shielder.com//img/shield.png"><link rel=apple-touch-icon sizes=57x57 href=https://www.shielder.com/favicon/apple-touch-icon-57x57.png><link rel=apple-touch-icon sizes=60x60 href=https://www.shielder.com/favicon/apple-touch-icon-60x60.png><link rel=apple-touch-icon sizes=72x72 href=https://www.shielder.com/favicon/apple-touch-icon-72x72.png><link rel=apple-touch-icon sizes=76x76 href=https://www.shielder.com/favicon/apple-touch-icon-76x76.png><link rel=apple-touch-icon sizes=114x114 href=https://www.shielder.com/favicon/apple-touch-icon-114x114.png><link rel=apple-touch-icon sizes=120x120 href=https://www.shielder.com/favicon/apple-touch-icon-120x120.png><link rel=apple-touch-icon sizes=144x144 href=https://www.shielder.com/favicon/apple-touch-icon-144x144.png><link rel=apple-touch-icon sizes=152x152 href=https://www.shielder.com/favicon/apple-touch-icon-152x152.png><link rel=apple-touch-icon sizes=167x167 href=https://www.shielder.com/favicon/apple-touch-icon-167x167.png><link rel=apple-touch-icon sizes=180x180 href=https://www.shielder.com/favicon/apple-touch-icon-180x180.png><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-96x96.png sizes=96x96><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-160x160.png sizes=160x160><link rel=icon type=image/png href=https://www.shielder.com/favicon/favicon-192x192.png sizes=192x192><link rel="shortcut icon" href=https://www.shielder.com/favicon/favicon.ico><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-regular-400.woff2 as=font type=font/woff2 crossorigin><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-solid-900.woff2 as=font type=font/woff2 crossorigin><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-brands-400.woff2 as=font type=font/woff2 crossorigin><link rel=preload href=https://www.shielder.com/fontawesome/webfonts/fa-brands-400.woff2 as=font type=font/woff2 crossorigin><title>Shielder - Application Security </title><link rel=stylesheet defer href=https://www.shielder.com/css/bootstrap.min.css><link rel=stylesheet defer href=https://www.shielder.com/css/style.css><link rel=stylesheet async href=https://www.shielder.com/fontawesome/css/all.min.css><link rel=stylesheet async href=https://www.shielder.com/css/dracula.css><link rel=alternate type=application/rss+xml title="Shielder Blog" href=https://www.shielder.com/blog/index.xml><link rel=alternate type=application/rss+xml title="Shielder Advisories" href=https://www.shielder.com/advisories/index.xml></head><body class=bg-primary><nav class="navbar navbar-expand-lg fixed-top bg-primary p-3 px-md-5 px-lg-3 px-xl-5"><a class=navbar-brand href=https://www.shielder.com/ title=homepage><img src=https://www.shielder.com/img/logoshielder.svg alt="shielder logo homepage" class=w-75></a> <button class="navbar-toggler text-white p-0" type=button data-toggle=collapse data-target=#navbarNav aria-controls=navbarNav aria-expanded=false aria-label="Toggle navigation"> <i class="fas fa-bars"></i></button><div class="collapse navbar-collapse justify-content-end pt-2" id=navbarNav><ul class=navbar-nav><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/ title=Home>Home</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/company title=Company>Company</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/services title=Services>Services</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/advisories title=Advisories>Advisories</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/blog title=Blog>Blog</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/careers title=Careers>Careers</a></li><li class="nav-item p-2"><a class="nav-link text-white" href=https://www.shielder.com/contacts title=Contacts>Contacts</a></li><li class="nav-item p-2"><button class="nav-link bg-transparent border-0 btn btn-primary dropdown-toggle rounded-0" type=button id=language-selector data-toggle=dropdown aria-haspopup=true aria-expanded=false> ENG</button><div class="dropdown-menu dropdown-menu-right" aria-labelledby=language-selector><a class=dropdown-item href=https://www.shielder.com/services/application-security/ title=ENG>ENG</a> <a class=dropdown-item href=https://www.shielder.com/it/servizi/sicurezza-applicativa/ title=ITA>ITA</a></div></li></ul></div></nav><main><section id=service-intro><div class=container><div class=row><div class="col-12 col-sm-6"><h1 class=text-white>Application Security</h1></div></div></div></section><section id=single-service><div class=container><div class="row d-flex align-items-center"><h3 class="col-12 col-md-6 offset-md-6 text-white mb-4" id=penetration-test>Penetration Test</h3><p class="col-12 col-md-6 text-center"><img class="img-fluid service-logo" src=https://www.shielder.com/img/pt-icon.svg></p><p class="col-12 col-md-6 text-white">The process through which the <strong>security level</strong> of a network or an IT system is assessed is called <strong>Penetration Test</strong>. By means of the simulation of a wide scenario of cyber-attacks, this test provides an overall view of the <strong>effectiveness of the system’s security posture</strong> and highlights its vulnerabilities and deficiencies.<br><br>Our specialists’ experience in the field of <strong>application security</strong> is not only due to Web and Mobile Penetration Test activities, but also to long sessions of training, bug hunting and security research. Our methodology in providing security assessment services is in line with <a href=https://www.isecom.org/OSSTMM.3.pdf target=_blank rel="noopener noreferrer"><strong>OSSTMM</strong></a> and <a href=https://owasp.org/ target=_blank rel="noopener noreferrer"><strong>OWASP</strong></a> standards.</p></div></div></section><section id=skill-service><div class=container><div class=row><div class="col-12 col-md-6 text-white"><h4 class=mb-4 id=web-application-penetration-test-wapt>Web Application Penetration Test (WAPT)</h4><p>A <strong>Web Application Penetration Test</strong> is adversary simulation where our security researchers simulate an attack against the customer&rsquo;s web application to find <strong>security issues</strong>.<br>The aim of the test is to identify weaknesses that could <strong>compromise</strong> the <strong>Confidentiality</strong>, <strong>Integrity</strong>, and <strong>Availability</strong> of the information processed by the in-scope portals.</p></div><div class="col-12 col-md-6 text-white"><h4 class=mb-4 id=mobile-application-penetration-test-mapt>Mobile Application Penetration Test (MAPT)</h4><p>A <strong>Mobile Application Penetration Test</strong> is the service that better allows mapping the vulnerabilities of a Mobile Application (Android and iOS). Through a simulated third-party attack, the MAPT process aims at <strong>identifying weaknesses</strong> not only <strong>in the application</strong> itself (i.e. Buffer Overflows, Insecure Storage, Exposed IPCs / Services / Intents, etc.) but <strong>also in the APIs</strong> queried by the application (i.e. SQL Injections, Authentication Bypass, Insecure Direct Object References, etc.).</p></div></div><div class="row d-flex align-items-center my-5 py-5"><h4 class="col-12 offset-md-6 col-md-6 text-white mb-4" id=black-box-penetration-test>Black-Box Penetration Test</h4><p class="col-12 col-md-6 text-center"><img class="img-fluid service-logo" src=https://www.shielder.com/img/blackbox-icon.svg></p><p class="col-12 col-md-6 text-white">A <strong>Black-Box Penetration Test</strong> could be considered a <strong>real-world attack simulation</strong>. The only differences from a real attack are the objective and the time-frame: this simulation is not aimed at causing damages and has a limited time-frame.<br>With this approach the customer only provides the target URLs / Applications and the credentials, letting the penetration testers the task of getting their way through the scope to find the security issues.</p></div><div class="row d-flex align-items-center my-5 py-5"><h4 class="col-12 text-white mb-4" id=white-box-penetration-test>White-Box Penetration Test</h4><p class="col-12 col-md-6 text-white">The <strong>White-Box Penetration Test</strong> is the <strong>most effective</strong> approach as it allows the testing team to access the source code, the servers configurations, the documentation, and a direct line with the developers.<br>This process aims at discovering not only the evident vulnerabilities but also insidious ones, which require a deep understanding of the platform flows and the relations between inner components.<br>One <em>side effect</em> of this approach is the ability to give precise suggestions to fix the vulnerabilities and to allow developers to easily identify and prevent vulnerable code patterns.</p><p class="col-12 col-md-6 text-center"><img class="img-fluid service-logo" src=https://www.shielder.com/img/whitebox-icon.svg></p></div><div class="row my-5 py-5"><div class="col-12 col-md-6 text-white"><h3 class=mb-4 id=code-review>Code Review</h3><p>Code Review is the perfect tool to check the security level of both a custom made and a third-party <strong>software</strong>.<br>Our study is manually carried out by our specialists, who are also provided with statistical analysis tools which can either be <strong>commercial or custom</strong>. In the second case, we develop our own implements in order to identify every kind of vulnerability in the most effective way.<br>Our knowledge about <strong>secure coding</strong> and <strong>offensive application security</strong> guarantees a double-check during the process, the main objective of which is to deliver a scientific and reproducible approach to security measures assessments.</p></div><div class="col-12 col-md-6 text-white"><h3 class=mb-4 id=security-trainings>Security Trainings</h3><p><p>The growing importance of <strong>IT security</strong> is leading more and more companies to feel the need to <strong>raise awareness</strong> about this topic among their staff. This is why our course for Software Developers is born.<br><br>The course is held by experts in <strong>Application Security</strong> with a lot of practical and real-world examples tailored on the technologies used by the customer and aims at providing fundamental notions of <strong>Secure Coding</strong> that will be assessed through a final test.<br><br>The course is focused on the following topics:</p><ul><li>Understanding The &ldquo;Security Approach&rdquo;</li><li>Most Common Vulnerabilities</li><li>Threat Modeling 101</li></li><li>Spot the Vulnerability - <em>Practical</em></li><li>Patch the Code - <em>Practical</em></li></ul></p></div></div></div></section><section><div class=container><div class=row><div class="col-12 mb-5"><h3 class=text-white>We popp&rsquo;d shells on Applications used by</h3></div><div class="col-12 col-sm-4 mb-5 text-center"><img src=https://www.shielder.com/img/telecomunication_.svg alt=Telcos class=sector-img><p class="text-primary mt-2 font-weight-bold title-3">Telcos</p></div><div class="col-12 col-sm-4 mb-5 text-center"><img src=https://www.shielder.com/img/medical_.svg alt=Hospitals class=sector-img><p class="text-primary mt-2 font-weight-bold title-3">Hospitals</p></div><div class="col-12 col-sm-4 mb-5 text-center"><img src=https://www.shielder.com/img/financial_.svg alt=Banks class=sector-img><p class="text-primary mt-2 font-weight-bold title-3">Banks</p></div></div></div></section></main><footer class="pt-5 pb-4 px-3 px-md-0"><div class=container><div class="row text-center"><div class="col-12 col-lg-4 text-white border-bottom mb-4 pb-lg-0 mb-lg-0"><p class="text-uppercase font-weight-bold">Info</p><p class=footer-info>Shielder S.p.A.</p><p class=footer-info>P.I. 11435310013</p><p class=footer-info>REA TO - 1213132</p><p class=footer-info>Registered Capital: 81.000,00 €</p><p><a class="text-decoration-none text-white" target=_blank rel=noopener href="https://www.google.it/maps/place/Shielder/@44.8833849,7.3303863,17z/data=!3m1!4b1!4m5!3m4!1s0x4788250440849fa5:0x74cf10f2092abc85!8m2!3d44.8833849!4d7.332575" title="corporate headquarters">Via Palestro, 1/C<br>10064 Pinerolo (TO) Italy</a></p><div class="iso-logos row justify-content-center mb-4 pb-lg-0 mb-lg-0"><div class=col-3><img alt=ISO27001 src=/img/iso27001.png></div><div class=col-3><img alt=ISO9001 src=/img/iso9001.png></div></div></div><div class="col-12 col-lg-4 text-white border-bottom mb-4 pb-lg-0 mb-lg-0"><p class="text-uppercase font-weight-bold">Contacts</p><p class=footer-contact><a class="text-decoration-none text-white" href=mailto:info@shielder.com title="email Shielder">info@shielder.com</a></p><p class=footer-contact>Landline: <a class="text-decoration-none text-white" href=tel:+390121393642 title=Landline>(+39) 0121 - 39 36 42</a></p><p class=footer-contact>Commercial: <a class="text-decoration-none text-white" href=tel:+393453031983 title=Commercial>(+39) 345 - 30 31 983</a></p><p class=footer-contact>Technical: <a class="text-decoration-none text-white" href=tel:+393931666814 title=Technical>(+39) 393 - 16 66 814</a></p><p><span><a href=https://twitter.com/ShielderSec title="Shielder Twitter profile" target=_blank rel="noopener me" class=text-white><i class="fab fa-x-twitter bigger-icon"></i></a> </span><span class=pl-3><a href=https://infosec.exchange/@Shielder title="Shielder Mastodon profile" target=_blank rel="noopener me" class=text-white><i class="fab fa-mastodon bigger-icon"></i></a> </span><span class=px-3><a href=https://www.linkedin.com/company/shielder title="Shielder LinkedIn profile" target=_blank rel="noopener me" class=text-white><i class="fab fa-linkedin bigger-icon"></i></a> </span><span><a href=https://github.com/shieldersec title="Shielder Github profile" target=_blank rel="noopener me" class=text-white><i class="fab fa-github bigger-icon"></i></a></span></p></div><div class="col-12 col-lg-4 text-white mb-4 pb-lg-0 mb-lg-0"><p class="text-uppercase font-weight-bold">Sitemap</p><p><a class="text-decoration-none text-white" title=Home href=https://www.shielder.com/>Home</a></p><p><a class="text-decoration-none text-white" title=Company href=https://www.shielder.com/company>Company</a></p><p><a class="text-decoration-none text-white" title=Services href=https://www.shielder.com/services>Services</a></p><p><a class="text-decoration-none text-white" title=Advisories href=https://www.shielder.com/advisories>Advisories</a></p><p><a class="text-decoration-none text-white" title=Blog href=https://www.shielder.com/blog>Blog</a></p><p><a class="text-decoration-none text-white" title=Careers href=https://www.shielder.com/careers>Careers</a></p><p><a class="text-decoration-none text-white" title=Contacts href=https://www.shielder.com/contacts>Contacts</a></p></div><div class="col-12 mt-5"><span class="mb-2 mb-lg-0 border-md-right pr-2 text-white d-block d-lg-inline">Copyright © Shielder 2014 - 2025</span> <span class="mb-2 mb-lg-0 border-md-right pr-2 pl-1 text-white d-block d-lg-inline"><a class="text-decoration-none text-white" href=/disclosure-policy title="Disclosure Policy">Disclosure policy</a></span> <span class="mb-2 mb-lg-0 pr-2 pl-1 text-white d-block d-lg-inline"><a class="text-decoration-none text-white" href=/privacy-policy title="Privacy Policy">Privacy policy</a></span></div></div></div></footer><script src=https://www.shielder.com/js/jquery.min.js></script><script src=https://www.shielder.com/js/app.js></script><script src=https://www.shielder.com/js/bootstrap.bundle.min.js></script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10