Introduction 

Securing your information and protecting your company's reputation isn't just about technology. 

It's about policies, procedures, and configuration guidelines. 

It's about increasing the security awareness for your employees, and empowering them to stay ahead of the threats. 

It's about understanding the weaknesses, threats, and assets of your business in order to calculate the risk. 

It's about mitigating the risk to an acceptable level.

Maven Security Consulting understands the big picture.  How?  Experience.

Services Overview 

Our consulting and education services focus on the areas of firewall, web site, web-based application, and dial-in architectures.

  • Ethical hacking & vulnerability assessments (networks, web apps, wifi, VoIP and NGN)
    (Assessment Phase of Security Life Cycle)
  • Web application security architecture reviews
    (Design Phase of Security Life Cycle)
  • Web application development best practices
    (Design Phase of Security Life Cycle)
  • Security training & education
    (All Phases of the Security Life Cycle)

  • Maven Security has provided expert testimony in a computer-security related criminal case; and is available for civil cases as well.

    General consulting and other services are also available.

Distinctions 
  • Vendor Independent: We don't have an agenda (nor get a commission) when we make recommendations.

 

  • Morally Inflexible: Sorry, are staff doesn't have any elite black-hat criminal records to brag about.  Trust is key when dealing with the types of information and access our customers share with us.

 

  • Experience: Members of our staff have been doing commercial-grade security penetration testing since 1996.
Service Examples 
  • Next Generation Networks & VoIP: Are you trying to design a voice over IP solution to reduce your company's costs?  Whether it is a small deployment or a carrier grade network, we can help architect or audit it.

    See our     Resources page for information about SiVus.

 

  • Training: Do your internal auditors know how to effectively and safely test for the latest vulnerabilities? Multi-day hands-on workshops are available from Maven Security to teach your staff how to conduct security assessments.

    Click     here to see some comments from student's who have attended our training courses.

 

  • Web App Security Audit: Have your web applications been tested for security weaknesses?  Firewalls and encryption are not enough!  Each web-based application is different and no fully automated tools exist to test them.  Scanning for default CGI scripts and open ports hardly constitutes a security assessment.  Randomly modifying a few form-elements or browser cookies is not a methodology.

    Our comprehensive methodology analyzes the security of your web application from validation of each form-element (SQL Injection, XSS, etc), all the way up to higher-level concepts like application logic flaws and session tracking weaknesses.  An overview of our methodology is included with proposals submitted in response to your company's RFP (Request for Proposal).

    Members of our staff have been performing web application security assessments since 1996.  See the     WebMaven and Achilles tools for our contributions to the security community.  Our Resources page also includes various white papers and presentations on the topic of web application security assessment techniques.
Home | Services | Events | Resources | About | Contact |
Auditing web app security since 1996

Please contact with questions or comments.
© Copyright 2001-2008 Maven Security Consulting, Inc. All rights reserved.