Security Badging

Visible and Trustworthy Security Assurance

Third Party Validation

Aerstone’s badging program clearly communicates to your users and clients the completion of a meticulous third-party security assessment. Security badging helps to demonstrate an organization’s responsible approach to security and privacy, and shows a level of due diligence in keeping with industry standards. Depending on the level, testing may include penetration testing, social engineering, and various other security tests. All testing is based on industry standards including guidelines published by the U.S. federal government, international organizations, and community groups such as US-CERT, SANS, and OWASP. Aerstone offers separate security badging tracks for:

 Web Applications, including websites, commercial, or financial applications

 Corporate Infrastructure, including servers and networking security equipment and software

Each badging track has five available levels of assurance, ranging from 1-5, with 5 being the most stringent. Testing may be performed on-site or remotely, depending on the type and purpose of the testing. Upon completion of the assessment, Aerstone will provide the badge image with instructions on how to display it on a corporate website or web application. Clicking the badge will present a certification page listing the application name, date of assessment, and a description of tests conducted. All badges must be renewed annually.

Web Application Assessments

| Level | Type | Recommended For | Description |
|---|---|---|---|
| 1 | Vulnerability Scanning | Unauthenticated services | External “health check” scanning to provide a security posture report for the web application/site. |
| 2 | External Vulnerability Assessment | Unauthenticated services; Educational services | Adds manual investigation of security issues not found by automated scanning. |
| 3 | Penetration Testing – Limited Knowledge | Unauthenticated services; Educational or Payment services | Adds penetration testing, simulating hackers and cyber threats. The goal: identify and confirm vulnerabilities within the application or site that are exposed to the public Internet. |
| 4 | Web App Penetration Testing – Full Knowledge | Educational or Payment services; Authenticated Services and Portals | Adds internal user and role testing. By providing test credentials and design information, full knowledge testing identifies weaknesses exploitable by internal users and allows targeted testing on functionality specific to the app. |
| 5 | Advanced Penetration Testing | Educational or Payment services; Authenticated Services and Portals; Critical services | Our most advanced and comprehensive offering, which adds technology-based social engineering (phishing, malicious removable media, etc.) and developing custom attacks. Longer-term engagement provides more analysis and in-depth investigation of security issues. |

Corporate Assessments

| Level | Type | Recommended For | Description |
|---|---|---|---|
| 1 | Vulnerability Scanning | High-level assessment focusing on discovering potential vulnerabilities. | External “health check” scanning to provide a security posture report for the target network(s). |
| 2 | Vulnerability Assessment | Identifies and verifies network-based security issues. | Adds manual investigation of security issues not found by automated scanning. |
| 3 | Penetration Testing | Uncovering security weaknesses and fully exploring the impact of exposure. | Adds penetration testing, simulating hackers and cyber threats. The goal: identify and confirm vulnerabilities within the infrastructure. |
| 4 | Penetration Testing – Full Knowledge | Assessing networks or systems processing or storing sensitive information. Includes educational, healthcare, or financial systems. | White Hat testing. Adds research and analysis of system design and configurations provided prior to testing. Allows for developing custom attacks on critical targets based on pre-test analysis. |
| 5 | Advanced Penetration Testing | Assessing critical infrastructures. In addition to systems listed for level 4, systems that process or store PII, financial data, national security, and other sensitive information. | Our most advanced and comprehensive offering, which adds technology-based social engineering (phishing, malicious removable media, etc.) and developing custom attacks. Longer-term engagement provides more analysis and in-depth investigation of security issues. |

Our Experience Sets Us Apart

Aerstone is an NSA-certified vulnerability assessor, and a service-disabled veteran-owned small business.
We approach each engagement with the highest levels of professionalism, determination, and creativity, honed by years of working with
security professionals across the military, intelligence community, civilian government, and private industry.

Contact our sales team at sales@aerstone.com for more information.
