Take Action with
Advanced Security Assessments

Our team identifies and assesses gaps in your network with services including comprehensive penetration tests, source code analysis, vulnerability assessments and more. Our security assessment tools are proven to eliminate false positives and negatives, and provide you with comprehensive, actionable results.

Penetration
Testing

We provide advanced penetration testing solutions to enhance your network’s frontline. Our cybersecurity experts assume the role of adversary, intent on gaining access to your network and using every tactic and tool to try to get in.
We provide several different models and testing formats:

  • Black Box

    A type of penetration test most resembles a real-life cyber attack. In this type of test, we have no prior knowledge of the network architecture, applications or security infrastructure of the target. We follow hacker methodology starting with open source information gathering and reconnaissance, deliver a successful attack, pivot within the network, perform privilege escalation and attempt to maintain access within the network.

  • White Box

    Secure your applications with proven white box testing. In this type of assessment, our experts attempt to find and exploit potential vulnerabilities in your software. As opposed to black box testing, in a white box test our team has total knowledge of the application, enabling us to comprehensively scan and identify weaknesses. Our unique testing approach enables your developers to continue their work without interruption, while ensuring applications are as secure as possible before they go to market.

  • External Testing

    An external penetration test is performed remotely (off-premises) and is designed to resemble an attack from the internet. We perform a comprehensive test against all public facing internet assets to include email servers, VPNs, web servers and firewalls.

  • Internal Testing

    Our internal penetration tests are performed from our customer’s site and are designed to resemble an insider threat. Insider threats include employees with malicious intent, adversaries who have breached the physical perimeter, and cyber adversaries who have penetrated the digital perimeter.

    Blue Star penetration tests are model/format pairings depending on your needs. For example, in an internal white box penetration test, Blue Star security experts would be on-site for the duration of the test and be given prior knowledge of the target. In addition, our penetration testing service can also be used to test your incident response procedure.

Network
Vulnerability

Organizations tend to relax security controls once a user is authenticated and inside the internal network. As a result, many vulnerabilities are often found on the internal network. 

Our network vulnerability assessment differs from a penetration test in that it’s designed to be conducted on-site, with administrator level credentials, with access to internal IT resources, diagrams and configuration files. We review your entire enterprise network from the inside paying special attention to patch management processes and data backup policies. Ports and services accessible from within the network such as FTP, DNS, WWW and SMTP are thoroughly reviewed. We also review firewalls, encryption and authentication methodologies. 

If any vulnerabilities are discovered during the network security assessment, we review the viability and severity by attempting to exploit them. As a result, we leave no endpoint un-scanned, no firewall un-probed and no patch unimplemented.

Wireless
Network
Assessment

Today, many organizations want to provide mobile access as a form of convenience to both customers and employees. Everyone from someone who connects to the guest network in the lobby, to a long-time employee utilizing the company’s Bring Your Own Device program, expect a seamless wireless experience. But with added convenience comes additional questions. Where does the wireless signal end? Is it possible for a passerby on the street to pick up this signal? Can a hacker broadcast a stronger wireless signal and trick all devices in the organization into connecting to the system? With Blue Star’s mobile network assessment, you can finally know the answer.

Our security experts perform a comprehensive review of all wireless network diagrams to ensure no vulnerabilities exist in the network configuration. Once completed, we conduct identification and penetration testing of all wireless access points. We use the same tools that malicious actors use in order to determine the security state of your network, but we don’t stop there. If our Cyber team gains access to the wireless network, we will attempt to pivot inside the network to determine potential data leakage opportunities from the vulnerable wireless network.

Web
Application
Security

Web applications serve as the public face of most companies. Services such as online shopping, banking, email and streaming entertainment are provided instantaneously from any internet connected device. The availability and convenience provided by web applications provide a large target for adversaries.
Blue Star offers two services in our Web Application Security Assessment area:

  • Static Web Application Source Code Analysis

    We perform a comprehensive review of a web application’s source code looking for vulnerabilities that may be exploitable by potential adversaries. This service allows us to provide a snapshot in time of the web application’s current security state.

  • Web Application Penetration Testing

    We imitate a cyber adversary seeking to infiltrate a web application. A combination of red team experience and state of the art penetration testing knowledge are used to discover exploitable vulnerabilities.

    While these two services can be conducted separately, they are usually requested as part of a combined package. We use the Open Web Application Security Project (OWASP), an industry recognized web application security framework, as a baseline to inform the testing. Special attention is given to SQL-injection or command-injection vulnerabilities that may compromise databases, as well as vulnerabilities that lead to escalation of privileges, information leakage, or unauthorized access to critical IT resources.

Adversarial
Emulation

Our cyber team can assess and mimic how any given adversary operates. As a result, your team can improve their resilience and stay one step ahead of threats. Our Adversarial Emulation services go beyond traditional vulnerability scans and pen tests. We use a field tested, structured approach based on a kill chain or attack flow. This enables our team to rapidly detect possible threats and mitigate them with precision.

Cloud
Security

Your infrastructure is the foundation of your organization. As security threats become more sophisticated, cloud computing is no less at risk than on-premise environments. We’re trained to comprehensively assess your cloud security to identify and solve gaps. From 24/7 cloud monitoring to infrastructure security, our best-in-class cloud solutions enable your team to work securely, regardless of location. Discover how Blue Star cloud security can help you work more efficiently and more securely, all while reducing your costs.

Source Code
Analysis

It’s critical to conduct an in-depth review of an application’s source code because most vulnerabilities are introduced during software development and have the potential to go undiscovered for a long period of time. Our source code analysis goes beyond the use of automated tools, as these tend to result in high levels of false positives and negatives. Instead, we combine insight with years of experience in source code audits to provide the most accurate results possible. Some items of particular scrutiny include input validation, authentication mechanisms, API use and memory management.

As enterprise software often contains millions of lines of code, our team begins its source code analysis by reviewing the logical flow and understanding the functionality from a high level. This enables our experts to focus on suspected vulnerable areas of code. Depending on the size of the application, a comprehensive source code analysis can take up to several months to complete.

Learn More About
Blue Star Security Assessments

Identify your threats before they turn into issues. Contact us to learn more about our advanced security assessments. We will respond shortly.

Let’s Start
Protecting
Your
Enterprise