Our philosophy is that good testing requires good planning. However, good testing also requires a “look around” to understand the system as it is really used — in a way that cannot be ascertained from a specification document. As a result, we provide an equal mix of three different approaches to cyber security testing: 1) prescribed functional tests for security features (to ensure they work as expected), 2) exploratory testing of the application to determine weak points, attack vectors, and missing or extra functionality, and 3) automated testing for common, high-risk vulnerabilities.
For this reason, iMC’s security testing methodology is based on the standards set forth by the Open Web Application Security Project (OWASP). In the past, the security industry has lacked a comprehensive security framework for classifying vulnerabilities based on the potential damage that would be experienced by the organization under attack. In our team’s extensive industry experience, OWASP has filled this gap by providing impartial, practical information about application security to organizations worldwide. Furthermore, OWASP supports government agencies by providing software tools and knowledge-based documentation to protect against identified threats.