Advanced White-box

We offer detailed application analysis. By combining our knowledge of penetration testing and code analysis, we can point out problems that may not be apparent using only one method.

Advanced white-box combines penetration testing and secure code review or other assessment services. The goal of advanced white-box is to comprehensively examine the security of applications under development using simulated hacking attacks, automated code analysis, manual code reviews and audits.

The service combines the strengths of qualified experts in several security disciplines, which maximizes the benefit of the analyses performed and uncovers more vulnerabilities, including hidden threats and potential weaknesses in the audited application. The report from advanced white-box testing describes each vulnerability and gives specific remediation recommendations tailored to the technologies in use.

Advanced White-box forms:

The penetration tests simulate hacker attacks at the network and application level. They test the ability of the organization's systems to withstand real cyber-attacks from the external environment, and also unauthorized interference by employees, whether deliberate or by genuine error.
  • They simulate hacker attacks on applications, systems and the entire infrastructure.
  • They use globally recognized methodologies such as the OWASP Web Security Testing Guide (WSTG) or Penetration Testing Standard (PTES).
  • Penetration testing is performed by certified penetration testers according to the required standards.
  • Security scanning with manual tests combined with advanced commercial automated scanning tools, as well as custom tools from the Aricoma toolkit portfolio.
  • Penetration testing results in the detection of vulnerabilities, configuration flaws or the discovery of undersized system elements at all layers of the application or system under test.
Secure Code Review

Source code security review consists of reviewing application source code through manual source code reviews and automated analyses using SAST tools.
  • Review of applications in many popular languages (ASP.NET, Java, JavaScript, C#, PHP, ...).
  • Internal methodology based on experience in secure development and penetration testing, backed by recognized standards of the OWASP project.
  • Enables detection of developer bugs, backdoors, design flaws, non-compliance with best practices, use of weak cryptography and many other application vulnerabilities.
  • Code review consists of two main analysis elements:
      • Automated review of the entire code using open-source and proprietary tools and review of the results by a qualified security specialist.
      • Manual review of the whole code or its subparts selected by the client or qualified security specialist.
  • Vulnerabilities found are described in detail and recommendations are provided, taking into account the technology stack being used.

Benefits

  • High quality resulting from the white-box testing methodology and the combined knowledge of the penetration tester and developer.
  • You will gain insight into what vulnerabilities are present in the systems, including specific locations in the source code and specific recommendations for securing them.
  • We will uncover specific vulnerabilities that would often be impossible to detect in conventional penetration testing due to time constraints.