Our team brings together countless decades of application security assessment, secure software development, and network & database security assessment experience. Our firm has exceptional past performance in those service areas, as well as providing other technology and information management services. Our staff has a vast pool of knowledge and experience to draw on in architecting the most secure information technology solutions to meet our customers’ requirements. This type of cross-disciplinary expertise distinguishes us as a one-stop provider of secure information technology-based solutions.

Our capabilities include:

  • Web Application Security Assessments (WASA) — MCH’s most prominent capability is the expert ability to perform web application penetration testing and vulnerability assessments of web applications.
  • Secure Source Code Reviews and Static Analysis of Application Source Code (SAST) — MCH has the expertise to perform manual code reviews and to perform static analysis of source code using industry standard tools (Fortify, Fortify on Demand, SonarQube, SonarCloud, Veracode, or Checkmarx).
  • Software Composition Analysis (SCA) — MCH has the tools and experts needed to analyze applications to assess risk associated with dependencies and third-party components used in applications.
  • Dynamic Application Security Assessments (DAST) — MCH has a number of licensed products available to perform DAST scanning of applications and our staff are experts at their use.
  • REST API Security Testing — MCH’s team has the necessary extensive experience performing REST API assessments to assess them effectively despite the limited availability of mature dynamic REST API testing tools. Our staff has performed hundreds of REST APIs successfully for companies like Verizon, PwC, Accenture, and Deloitte.