Palindrome’s security analysis methodology is based on a multidimensional framework driven by both “Deterministic” and “Non-Deterministic” models. It leverages proprietary techniques and tools, industry standards (e.g., NIST, OWASP, PTES) and past experience from evaluating enterprise and carrier-grade network applications. The findings of the analysis are categorized and prioritized according to the organization’s business model and how they impact operations and services. Each finding is accompanied by applicable and actionable recommendations that help mitigate the corresponding risk.

We break code, because we care!

We perform security analysis on all kinds of applications, ranging from small web applications to large critical communication infrastructure platforms. Client-facing applications that interact with external actors, where trust relationships cannot be established, are the most exposed. Our service areas cover Web Applications, Mobile Applications, VoIP Applications, Email Security and Social Engineering, and Wireless Networks.

Web Application Analysis

Web application security analysis provides trust in the implementation and its supporting components by evaluating the security controls that protect against attacks. Such attacks aim to gain unauthorized access to sensitive data or application resources (e.g., databases, the operating system). They succeed because web-based applications often rely on insecure methods to track users, pass data, validate data, perform database queries and maintain sessions.

Palindrome performs extensive web application security analysis using the OWASP Top 10 as the baseline, including: CSRF checks, XSS checks, SQLi checks, HTTP session management, broken access control (RBAC / multi-tenant), vulnerable dependencies, deserialization / RCE, information leakage, security configuration, and identity management (SAML/OAuth/XML-related attacks).

Mobile Application Analysis

Mobile application security analysis provides trust in the implementation and its supporting components by evaluating the security controls that protect against attacks. Such attacks aim to gain unauthorized access to sensitive data or application resources (e.g., databases, the operating system). They succeed because mobile applications often rely on insecure methods to track users, pass data, validate data, perform database queries and maintain sessions.

Palindrome performs extensive mobile application security analysis using static and dynamic analysis techniques, with the OWASP Mobile Top 10 vulnerabilities as the baseline, including: storage access, network protocols, use of cryptographic functions, secure platform API access, and interface fuzzing.

VoIP Security Analysis

Implementing VoIP security can be a complex and time-consuming effort. In some cases, federal or state regulations introduce additional requirements that are difficult to translate into actionable controls. Palindrome has been helping customers implement secure VoIP networks, including federal, carrier (VoLTE) and commercial organizations.

Palindrome’s VoIP Implementation Security Evaluation (VoISE) provides an unbiased and comprehensive approach to ensure that VoIP implementations maintain the highest industry security standards and adhere to regulatory requirements, while protecting organizational and customer communications.

Email Security Analysis

Email-borne malware and, especially, phishing are popular attack vectors for harvesting credentials, propagating ransomware, delivering malware and gaining unauthorized access to systems. In addition to maintaining adequate network security controls (e.g., firewall, IDS, SIEM, email spam filter), an organization must raise user awareness to thwart phishing attacks.

“Users are socially and technologically vulnerable!”

Palindrome performs authorized phishing campaigns that help organizations:

  • Enhance awareness of phishing and spear-phishing threats.
  • Enhance and/or reinforce awareness of social engineering.
  • Provide security training metrics to determine the effectiveness of your security training program and identify areas for improvement.

Wireless Security Analysis

Organizations need to connect customers, partners and employees seamlessly while maintaining a secure network infrastructure. Free customer Wi-Fi access and BYOD (Bring Your Own Device) can enhance user productivity, performance and customer experience, but they also introduce avenues for attack against your users and organizational infrastructure assets.

Palindrome performs security analysis of wireless infrastructure and ensures that proper security policies and controls are in place to prevent potential compromise, disruption or abuse of network resources. The analysis evaluates several areas, including: organizational policy; network segmentation; configuration of wireless access points; protocol security; access and authorization mechanisms (e.g., encryption algorithms, key management, MAC address filtering); channel allocation; ESSID, beacon broadcast frames and recording of broadcast information; and the authentication and encryption modes in use (e.g., WEP/WPA/WPA2). It also includes attempts to bypass access point controls and policy (e.g., client MAC address spoofing, MAC filtering bypass, man-in-the-middle).