AQM offers single-window managed Security Testing services with a state-of-the-art SIEM product platform and a unique 4-step Monitor, Detect, Inform and Resolve approach. With AQM’s dedicated security professionals managing security elements, you can also relieve your internal IT staff of operational tasks.
AQM’s Security Testing solutions cater to diversified business needs, adopting the latest industry standards and security testing methodologies. AQM's testing solutions for the network layer, application layer, server layer and database layer secure businesses from all layers of vulnerabilities and make them hack proof. Uncover vulnerabilities in applications and ensure that application risks are minimized, with monthly ongoing costs and without investing in a product platform. You also get to keep up with security and technology changes without affecting your business growth.
AQM's Security Testing approach ensures compliance with standards, best practices and regulatory requirements such as:
- Open Web Application Security Project (OWASP) Top 10
- The Web Application Security Consortium (WASC)
- Payment Card Industry – Data Security Standards (PCI-DSS)
- International Standard Organization (ISO) 27001:2005
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley Act (SOX)/Central Bank Regulations
- Family Educational Rights and Privacy Act (FERPA)
- Data Protection Act and many more...
AQM’s focused security testing approach helps customers prevent application vulnerabilities and strengthen the security environment.
- A1 – Injection: e.g., SQL Injection
- A2 – Broken Authentication and Session Management: e.g., Password / Session Token Compromise
- A3 – Cross Site Scripting: e.g., Stealing Cookies
- A4 – Insecure Direct Object References: e.g., access to objects such as a restricted file or directory
- A5 – Security Misconfiguration: e.g., Source Code Access, Account Lockout setting not implemented
- A6 – Sensitive Data Exposure: e.g., sensitive data, such as credit cards and tax IDs, not properly protected
- A7 – Missing Function Level Access Control: e.g., function level access rights
- A8 – Cross Site Request Forgery: e.g., Stealing Other Users' Identity
- A9 – Using Components with Known Vulnerabilities: e.g., Vulnerable Components, such as libraries, frameworks, and other software modules
- A10 – Unvalidated Redirects & Forwards: e.g., phishing or bogus sites not being validated