Service Offerings

  • Source Code Review: In-depth analysis of security-critical functions in order to find difficult-to-exploit
    vulnerabilities or implementation flaws.

  • Detailed Proof of Concepts: Step by step reproduction details provided to maximize impact.

  • Threat Modeling: Go beyond simple CVSS scoring and prioritize vulnerabilities based on business
    impact. Industry-standard STRIDE and DREAD frameworks inform severity ratings and ensure
    your engineers are spending their time where it’s most needed for remediation.

  • Tailored Remediation Guidance: Specific for your organization, codebase and tech stack.

  • Rigorous Testing: Of your REST or GraphQL endpoints.

  • Development of Custom Test Frameworks: Utilizing tools like PyTest to bring Behavior-Driven
    Development (BDD) security practices to your CI/CD pipeline.

  • Authentication and Authorization: Validation of AuthZ and RBAC controls that
    static or dynamic analysis might miss.

  • Fuzz Testing: Testing for boundary and edge conditions tailored to your application and tech stack.

  • Business Logic Vulnerability Testing: Thorough analysis of the API's business logic to uncover
    potential vulnerabilities stemming from flawed logic or inadequate access controls.

  • Building Security Teams: Making your first security hires can be a challenging process. Leverage our expertise in writing job descriptions, networking, and interviewing to select qualified candidates, from Individual Contributors to CISOs.

  • Bootstrapping Security Programs: Are you a startup suddenly needing to answer questionnaires from Enterprise Customers and finding yourself at a loss on where to begin? Let Katahdin Security help.

  • Vulnerability Management and Bug Bounty Assistance: Are you interested in creating a program to track, analyze, and remediate vulnerabilities in your organization? We can help.