Certificate of Security for Granite Loan Management
Netragard successfully completed the delivery of an Advanced Persistent Threat Penetration Test (“Engagement”) for Granite Loan Management (“Customer”). Netragard measures the level of threat produced during an engagement by the amount of time that is allocated to testing each unique parameter (“Time Per Parameter” or “TPP”). A Parameter is any point within a computer that receives data or is passed data from an external and/or internal source. Examples of common web application parameters include but are not limited to Username, Password, SessionID, etc. Examples of common system-services based parameters are host, user, pass, type, etc. A higher TPP will produce a higher level of threat while a lower TPP will produce a lower level of threat. This Engagement operated a Time Per Parameter (“TPP”) of 24 while Customer’s realistic threat will operate at an estimated TPP of 10.
Netragard uses a proprietary methodology called Real Time Dynamic Testing which is derived from vulnerability research and exploit development practices. Real Time Dynamic Testing incorporates key aspects industry accepted best practices such as the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodology Manual (OSSTMM). Real Time Dynamic Testing is designed to be highly efficient and to provide maximum coverage with or without the use of vulnerability scanners. When operating at the Platinum level Real Time Dynamic Testing maintains a 98.6% success rate at total infrastructure compromise from the vantage point of an unauthenticated Internet based threat.