Network Test Labs (NTL) Software Testing Services for igaming

Transcription

1 Network Test Labs (NTL) Software Testing Services for igaming Led by committed, young and dynamic professionals with extensive expertise and experience of independent testing services, Network Test Labs has established itself as a leading software testing company in Vancouver, British Columbia. Based in Vancouver, it boasts skilled manpower, the best-of-its-class infrastructure and technology for testing and a long list of satisfied customers in finance, IT, telecom, e-commerce, healthcare, manufacturing and retail sectors. With a focus on providing the best possible solutions for clients across all domains, Network Test Labs provides independent testing services and Quality Assurance testing through dedicated North American teams and onsite experts. The proficiency we have gained in software product testing and Quality Assurance services over the years help in building strong practices and improve the delivery process to the advantage of clients. A leader in software testing services and quality assurance, Network Test Labs offers highend software testing programs and test solutions to independent software vendors (ISVs), software product companies and SME s. We strive to quickly understand and formulate the testing strategy with precision that reduce time required and cost while giving the best value for money. Precision execution, appropriate strategy, proactive communication and continuous tracking of quality goals help get things done effectively and to the full satisfaction of clients. Testing Services can be customized to include: Software Security Testing Software Secure Source Code Review Penetration Testing Database and Platform Testing Functional Testing SOA and Web Services Testing Systems Testing and Hardening Usability and Content Testing Network Test Labs Inc Richards Street Vancouver, BC V6B 2Z4 info@networktestlabs.com Data Sheet Network Test Labs (NTL) Software Testing Services for igaming

2 Network Test Labs Software Security Testing Services Experts at Network Test Labs put high emphasis on quality and make sure the system remains defect-free, is protected and functions properly. The key features of our extensive software security testing services include: Product security testing Web application penetration testing Identification of architectural, design and implementation risks Website testing Cross site scripting, including session hijack, script disabling, browser exploitation, cookie security and user tracking. Risk-driven test creation and malicious file execution Identification dependency attacks, user interface attacks, file system attacks, design attacks and implementation attacks Information systems risk assessments Static vulnerability scanning Test coverage and security analysis In-depth test analysis Formulation of security policy and process design to fix loopholes Analysis of security quality, standard and capability to resist malicious access. Future security vigilance plan preparation Flaw testing using SQL injection, XPath, LDAP and other latest techniques Testing for insecure object access, fake cross-site request and others. Network Test Labs Software Secure Source Code Review Network Test Labs Secure Source Code Review provides organizations and vendors with secure and safe software to ensure independent and trustworthy operations. With Network Test Labs Secure Source Code Review, organizations and vendors can: Identify the root cause of software security vulnerabilities in both source code and running applications detect more than 470 types of vulnerabilities across 18 development languages and more than 600,000 APIs Fix your most important security issues faster with collaborative remediation Contain existing vulnerabilities in deployed software so they can do no harm Govern the process for ensuring the security of the software you depend on Stay ahead of threats by leveraging the industry s only team dedicated to providing continuing research on application security issues and threats Comply with government and industry compliance mandates and internal policies such as Payment Card Industry Data Security Standards (PCI DSS), the Federal Information Security Management Act (FISMA), Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and North American Electric Reliability Corporation (NERC) standards.

3 Network Test Labs Penetration Testing Services Network Test Labs provides a detailed penetration testing service on your Internet Gaming System (IGS). We offer a unique approach in identifying and validating security weaknesses throughout your diverse environment. Network Test Lab s security experts will assess your IGS security posture in the same way an attacker would: Profile system in a stealthy, low-impact way by mimicking the evasive techniques of an actual attack. Exploit vulnerabilities in network systems, servers, databases, clientside systems, partner networks, and network devices. Provide you with a detailed final report with remediation recommendations. Reveal the implications of an attack by replication an attackers attempt to access and steal or manipulate data on compromised systems. Gain root or administrator access on a compromised system through privilege escalation. Perform a retest of the environment to ensure that all systems are patched and secured. Identify critical OS, service and application vulnerabilities within an updated library of both open-source, in-house developed and commercial grade exploits. Network Test Labs Database and Platform Testing Web and database security present some of the most complex and costly barriers to compliance with the Payment Card Industry Data Security Standard (PCI DSS). Issues like secure Web application software development, database encryption and database transaction auditing in high performance production environments cannot be addressed by simply adjusting system configurations or documenting policy for an existing process. These issues have architectural and human resource implications that significantly impact IT budgets. Network Test Labs can perform over 1000 tests and assessment policies against industry best practices such as DISA STIG and CIS benchmarks. Platform Coverages Include: Oracle Database Oracle Exadata Microsoft SQL Server SAP IBM DB2 IBM Informix MySQL

4 Network Test Labs Functional Testing Services Network Test Labs functional testing services assure the software product quality and make sure its efficient functioning must not be restricted because of present and future risks. Our competency in usability testing and quality assurance guarantees that the client application is tested against given and foreseeable objectives and satisfies all parameters. The expertise our team has in functional testing automation ensures error-free integration, effective compatibility testing and enhanced reliability of applications across all industries at a low cost and within the least possible time. Network Test Labs functional testing services include: Experience-based testing Through exploratory testing Usability testing API testing Website testing Multi-browser testing Code-based or white box testing Decision table testing Security testing Network Test Labs Web Application Load and Stress Testing A well-structured web environment consists of an extremely complex multi-system. Scaling this infrastructure from end-to-end requires managing the performance and capacities of individual components within each tier. The following diagram illustrates the complexity of these components. Load Testing is a critical aspect in deciding whether an application is ready for prime time. This is achieved by executing extensive testing and analysis to determine performance levels and the breaking points of an application. The Web Application Load and Stress Testing is performed to evaluate the multi-user support capabilities of your company website in order to assess in predicting when future load levels will exhaust the Website systems and infrastructure. As a result of the testing, effective enhancement strategies can be developed with our experts to maintain acceptable user experience.

5 The Web Application Load & Stress Testing will be performed over the internet from Network Test Lab s laboratory in Vancouver, British Columbia, Canada. NTL has divided the scope of work for the Web Application Load & Stress Testing into the following eight distinct components: Profiling Application System Transaction Response Time Traffic Throughput Concurrent Sessions Performance Measurements Optimizing for Bandwidth Reading Metrics Reliability and Stability Network Test Labs Cryptographic Controls Review Network Test Labs security architecture and control provide the protection of information and the implementation of confidentiality, integrity and availability (cryptography, integrity, digital signatures, key distribution, key management and PKI). Cryptography and Encryption Services include: Authentication, Confidentiality, Integrity and non-repudiation Network Test Labs Security Services include: Information Assurance Confidentiality Symmetric Encryption Confidentiality Asymmetric Encryption Integrity and Authentication Access Authentication Certificates and Public Key Infrastructure Certificate and Public Key Infrastructure VPN s and IPSEC TLS, SSL and SET Web Services Security

6 Network Test Labs Mobile Application Testing Network Test Labs mobile web application testing tools are designed to keep in view the latest developments, automation requirements and need for cost-effective testing solutions. Our security team has extensive experience in app store testing, various versions of smartphone and ios testing, hardware testing and constantly upgrades its technical proficiency through training and monitoring of latest trends and developments in testing iphone application, Android mobile application testing, Blackberry testing, and Windows phone testing. Network Test Lab s mobile application testing tools can be custom-made for all types of devices and software. The following points showcase the important features of our services: Preparation Network Test Labs security experts arrange a conference call to: walk through your application, obtain any necessary testing information such as URLs, credentials, application builds, and source code, provide an overview of our testing process and discuss any special testing requirements. Application Footprint Analysis The application is installed on the mobile device, with a before and after snapshot taken of the file system and (if applicable) registry. All files related to the application are analyzed to determine whether they contain sensitive information, such as passwords, credit card numbers, etc. The file system is examined again after performing significant transactions, such as money transfers, to determine which files are being changed and whether or not they can be manipulated to exploit the application. Reverse Engineering If source code was not provided, the application is decompiled in order to uncover the underlying programming logic. This code is examined to determine whether or not it is possible to exploit the application by modifying or removing key pieces of programming logic. Network Test Lab security experts attempt to uncover design flaws with the application and hidden secrets such as passwords and encryption keys in the code. Modified versions of the application are built if necessary to explore potential vulnerabilities. Code Review If source code was provided, Network Test Lab security experts examine the code for traditional vulnerabilities such as SQL Injection as well as mobile application and platform specific vulnerabilities. Traffic Interception and Analysis Most mobile applications interact with a server through HTTP/HTTPS or other means. Our consultant will configure the mobile device to route traffic through a proxy such as Burp Suite in order to examine the server communication. This communication will be analyzed to look for authorization issues, injection flaws, etc. Report Preparation Network Test Labs security experts take the results of all testing and code review and compile a consolidated report, detailing all vulnerabilities uncovered during the testing process along with severity levels and recommendations for how to remediate each vulnerability that was identified. Debriefing Network Test Labs security experts present all findings to executives and key stakeholders, answer all questions and provide remediation advice. Network Test Labs Inc Richards Street Vancouver, BC V6B 2Z4 info@networktestlabs.com Data Sheet Network Test Labs (NTL) Software Testing Services for igaming