At AIM, we specialize in conducting enterprise-wide and system-specific Threat and Risk Assessments (TRAs), along with advanced application and web penetration testing. Our detailed TRA methodology is designed to identify vulnerabilities and mitigate risks across your application, network, and computing infrastructure, ensuring maximum security for your organization.
Our TRA approach is customized based on the CSE-RCMP Harmonized TRA methodology and other leading standards, including:
Government of Ontario MGS TRA methodology
ISO/IEC 27005:2008 for information security risk management
NIST SP800-30 Risk Management Guide for IT systems
We help safeguard your business by ensuring your infrastructure is protected against potential threats, aligning with global security standards.
With extensive experience in network infrastructure, computing layer, and application layer vulnerability assessments, AIM has helped numerous organizations, including those in healthcare, mitigate risks. Our Technical Vulnerability Assessments (TVA) and penetration testing methodologies are built on best practices from OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project).
We conduct both black-box and white-box testing to identify vulnerabilities, using industry-leading tools and techniques to reveal weaknesses in your network, infrastructure, and applications.
Our Infrastructure and Network-Level Assessments aim to uncover security vulnerabilities at the network and operating system levels. We conduct tests from two key perspectives:
External attacker: Simulating a malicious actor attempting to breach from outside the network (e.g., via the Internet).
Internal attacker: Simulating an individual who has bypassed external defenses, attempting to cause damage from within.
Our methodology is based on the OSSTMM (Open Source Security Testing Methodology Manual) framework, ensuring comprehensive coverage of your security posture. There are multiple checks under each of the categories mentioned below.
At Architecture in Motion (AIM), our Web Application Penetration Testing is a comprehensive security assessment designed to identify vulnerabilities at the application layer. Common vulnerabilities we uncover include SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Our approach is highly manual (around 70%), allowing our testers to create custom threat profiles specific to your application and uncover contextual security risks.
We conduct application security assessments in two key categories:
Web Application Assessments: These are applications presented through a web server and accessed via a browser. Our assessment methodology adheres closely to the OWASP (Open Web Application Security Project) standards, ensuring a thorough evaluation of security risks.
Thick Client Server Applications: These are applications that are executed or installed on a client machine. We apply a tailored approach to evaluate their security posture.
Our penetration testing is conducted from different perspectives, simulating various attack scenarios:
This simulates an attacker with some knowledge, such as a user or someone with partial insight into the application’s workings.
In this scenario, we simulate an insider with full knowledge of the application, its environment, and even access to source code, such as a disgruntled developer.
Each type of assessment follows a structured methodology, ensuring that vulnerabilities are identified and mitigated effectively. Let AIM help secure your web applications and client-server environments with our expert vulnerability and penetration testing services.
AIM’s Manual Source Code Review blends automated tools with human intelligence to provide in-depth analysis and uncover vulnerabilities. This hybrid approach reduces false positives, ensures high accuracy, and allows for detection of business logic security flaws, including custom backdoors. Our process is adaptable to your programming styles, providing comprehensive code analysis.
AIM’s Information Security Health Check offers a holistic and customizable tool to assess your organization’s overall security posture. This evaluation covers critical aspects, including:
Information Security Strategy: Aligning security measures with business goals.
Security Management and Governance: Ensuring the right policies and structures are in place.
Security Operations: Assessing incident response, identity management, and risk processes.
Privacy and Compliance: Strengthening regulatory compliance for data protection.
Technical Architecture: Evaluating the resilience of your infrastructure against cyber threats, optionally including technical vulnerability assessments and penetration testing.
At AIM, we offer cutting-edge risk management services to protect your enterprise from modern security challenges, ensuring your business remains secure, compliant, and resilient.