Ironwood Security

What we do:

• 1. Security Code Reviews
• 2. Product Security Evaluations
• 3. Reviews of Product Configuration Details

Contact: 510-744-9984
inquiries@ironwoodsecurity.com

Security Code Reviews are inspections of source code (Java, Javascript, Java Server Pages, Perl, C, C++, etc.) which look for coding weakness that could be used to compromise a site. We will cite the code and indicate the reason for concern.

Product Security Evaluations are reviews of products for which source code is not available. We evaluate the product for possible security concerns, and give advice on configuring the product to reduce vulnerability.

Review of Product Configuration Details is a review of an installed product's configuration file(s), usually in conjunction with a Product Security Evaluation for that product, where we comment on the security of the product running with that configuration, and give advice on configuration details for reducing vulnerability.

Why do you need security reviews?
Who are we?

Why Do You Need Security Reviews?

Seven Best Reasons for doing Security Reviews

• 1. Application developers are concerned with the functionality and ease of use of your product, and may not be fully trained in security considerations.
• 2. We stay abreast of current security practices and reports of vulnerabilities and exploits.
• 3. We have developed tools for detailed analysis of web code, that searches out security weaknesses and vulnerabilities.
• 4. Compromised websites may be a source of liability, as well as loss of business, loss of customer confidence, internal corporate embarrassment, and competitors' glee.
• 5. Repair of compromised sites is costly, time-consuming, and disruptive.
• 6. Some vulnerabilities are due to complex interactions between different components of a website, and are not apparent in a review of any single component.
• 7. The nature of the Internet exposes you to malicious intent originating anywhere on this or nearby planets.

Who Are We?