Included in its "total package" approach to delivery of Internet systems, pTeraDac not only designs and develops solutions, but also offers hosting services to its web-system clients. As part of a recent project, pTeraDac's web solution was required by the client to undergo a "full-out assault" by a professional security firm.

The testing firm selected was TruSecure^® Corporation, a leading global security intelligence and services provider headquartered in Herndon, VA. TruSecure's Attack & Penetration Testing team assessed the security of the web-based application and underlying infrastructure. The security test, referred to as an ethical hack, consists of automated and manual techniques that attempt to compromise the confidentiality, integrity and availability of the system. TruSecure analyzed the system for design, architectural and operational weaknesses and performed numerous security attacks.

"The folks at TruSecure were very nice and professional, but make no mistake about it, they weren't here to play games," said Frederick Zachman, pTeraDac's vice president of web systems. "They hit our systems with everything imaginable. I know this because I personally monitored the test and associated attacks. For starters, they tried port scans, file access, password extraction, SQL injection, cross-scripting configurations, encryption decoding and even a little social engineering. It was quite detailed."

"We performed a thorough review of the application itself as well as the underlying infrastructure and found that pTeraDac had followed, and in some cases exceeded, security best practices. At the conclusion of the assessment, it was evident that the application had been designed with security in mind," said John Colon, Manager of Professional Services at TruSecure. "As more and more applications go on-line every day, it is imperative that companies stay on top of security vulnerabilities. pTeraDac is taking the proper steps to stay ahead of the curve."

"pTeraDac designs systems with a focus on security. It's not enough to just build and deliver a solution; you have to engineer a system that takes intruder activity into account," commented Zachman. "It's nice to know we successfully defended against the attack, but passing a test is only a reflection of security at one point in time. Keeping systems safe requires constant vigilance, and a structured security program, which is what we've put in place at pTeraDac."

Understanding that no solution is 100% secure, pTeraDac continues to pursue improved security and development techniques, and monitors practices such as those promoted by professional security firms like TruSecure.

About TruSecure Corporation
TruSecure Corporation (www.trusecure.com) is the leading security intelligence and services provider, offering the only fully integrated enterprise risk management services on the market. TruSecure's unique blend of proactive risk reduction with real-time security management, monitoring and response assures continuous security of critical business information assets.

About pTeraDac Corporation
pTeraDac Corporation (www.pteradac.com), a provider of advanced Internet web systems, delivers design, development and hosting services in support of client's sales, marketing and business systems. pTeraDac specializes in solutions and products for the insurance and financial services markets.