square one technologies

We strive to become a trusted advisor to our valued clients by providing cyber security services.


At Square One Technologies Inc, we provide cyber security services to help clients maximize their security and risk management investments. Our cyber security specialists are uniquely qualified to provide services to elevate the security posture and reduce risks for our valued clients. Our services are specific to security assessments, penetration testing, and security engineering that involves a high degree of skilled human analysis and testing combined with effective use of automated tools and high quality reporting.



Services Overview

Security Assessments
The security assessments can help clients balance business needs with security best practices. The security assessments assist clients to identify vulnerabilities in their network and web applications. To perform the security assessments, both automated and manual security testing is performed. The security assessment begins with automated testing, which can be valuable for identifying security vulnerabilities within an application. The automated testing is followed by manual verification of found vulnerabilities, which includes removing false positives. The manual testing focuses on authentication, authorization, session management, input/output validation, configuration, sensitive data handling, privilege escalation, error handling, logical vulnerability checks, and business logic. For the security assessment, the end result includes an analysis of network and web application security vulnerabilities, as well as creating a detailed report with remediation recommendations. The report will include vulnerabilities and recommendations for how to remediate vulnerabilities identified. The report is presented to executives and key stakeholders, explaining the vulnerabilities and recommendations for remediation. 


Network and Web Application Penetration Testing

Penetration testing simulates a malicious attack in order to perform in-depth business logic testing to determine the feasibility and impact of an attack. The penetration testing includes both automated and manual testing to evaluate the security of networks and web applications by simulating an attack by a skilled and motivated attacker. The automated testing includes both application and infrastructure scanning, and includes authenticated scanning. In addition to the automated testing, the penetration testing include manual testing that covers all major aspects of the network and web application, including, but not limited to authentication, authorization, session management, input/output validation, configuration, sensitive data handling, privilege escalation, error handling, logical vulnerability checks, and business logic. With the client’s permission, vulnerabilities identified during the automated and manual testing process are exploited to determine the level of risk posed by the security issue. Based upon the automated and manual penetration testing, a report is created. False positives are removed to ensure that the report will only contain actionable issues. The report will include vulnerabilities and recommendations for how to remediate vulnerabilities identified. The report is presented to executives and key stakeholders, explaining the vulnerabilities and recommendations for remediation.


Security Engineering 
Security engineering includes providing application security expertise throughout the System Development Life Cycle (SDLC). The security expertise is specific to Security Requirements, Security Design Guidelines, Threat Modeling, Security Architecture and Design Review, Security Code Review, Security Testing, and Security Deployment Review. Our security engineering services assist clients with designing, building, and deploying secure web applications throughout the SDLC.


Security Code Review (or Static Review)

The security code review includes manually inspecting the source code of new or existing web applications for security weaknesses. The security code reviews includes, but is not limited to, reviewing authentication, authorization, session and communication mechanism. The security code review identifies security weaknesses such as buffer overflows, input and output vulnerabilities, and cryptographic functions. Based upon the security code review, a report is created, detailing the security weaknesses and recommendations for how to remediate vulnerabilities identified. The report allows for more insightful analysis and specific recommendations to help focus attention on where software is most vulnerable. The report is presented to executives and key stakeholders, explaining the security weaknesses and recommendations for remediation.




APPLICATION SECURITY Services

Security  engineering

Provide network and application security expertise throughout the System Development Life Cycle (SDLC).

  • NETWORK AND APPLICATION SECURITY ASSESSMENT
  • NETWORK AND APPLICATION PENETRATION TESTING
  • THREAT MODELING
  • SECURITY ENGINEERING
  • SECURITY CODE REVIEW
  • RISK ASSESSMENT