Standards Compliant Cybersecurity

At Wildcard, we put cybersecurity first on our list of priorities. We do everything we can to ensure your systems and data are protected from hackers, Distributed Denial of Service (DDoS) attacks, and other vulnerabilities. By mixing several of the industry's best practices, we have been able to maintain a record of 100% uptime on all the websites we manage. We offer a suite of security assessments, tools, and services that make us a leader in the cyber security industry.

Wildcard Security Assessments

Contact us at to request a cybersecurity assessment today. Learn more about what our assessments cover below.

Internal/External Network Penetration Test

Wildcard engineers conduct penetration tests from external and internal networks. Attacks simulate real world network attacks launched by an adversary. The tests validate the efficiency of your current defensive mechanisms while identifying any inadequacies.

Wireless Assessment

Wildcard wireless assessments test the security controls associated with your wireless network. We examine resiliency of access points, integrity of signals, authentication mechanisms, and encryption protocols to determine the strength of your wireless security posture.

Web Application Assessment

Our web application assessments utilize the Open Web Application Security Project (OWASP) framework to determine the security stance of a web application. When we conduct black box assessments of web applications, we test the controls around unauthenticated and authenticated sessions to exploit the application.

Code Review

Wildcard can conduct security review of your application code as a one-off or as continuous integration into your Software Development Lifecycle (SDLC). A code review is the most effective way to detect software issues that could be exploited by an attacker. Our process determines the risk created by application flaws.

Phishing Assessment

The end user is often the weakest link in an organization’s information security and is commonly the initial attack vector. Our phishing campaign will test your users, the effectiveness of your security training program, and anti-phishing technologies you have in place.

Security Assessment Methodology

The Wildcard security assessment team provides penetration testing services, sharing insight on how an attacker would use a sophisticated chain of techniques to exploit your information system. We simulate real world techniques to breach your systems and processes to put you in a better position to detect and defend against a malicious actor.

We approach each assessment as a partnership with our customer. We will not only discover flaws, but we will continue to work with you as advisors to remediate issues to minimize your attack surface. You will leave each assessment with knowledge of how you could be attacked, the extent of the impact, and what it would take to remediate the vulnerability.

Wildcard security assessments are more than a vulnerability scan, which are great at detecting well-known issues. Our experienced engineers provide context that no automated tool could. By digging deeper, we often show that what a scan would label a low-level problem is actually an issue that exposes your entire infrastructure to compromise.

Our penetration testing methodology is efficient and repeatable, founded on the Penetration Testing Execution Standard and Open Source Secure Testing Methodology Manual. We provide our customers with the maximum value by appropriately scoping the project and making certain we meet your expectations.

Other Security Services

Wildcard also provides security services and tools for your web applications, whether they've been deployed by us from the ground up or you're just looking for some extra protection. Learn more about some of the services we provide below.


With various encryption technologies, we protect your data in the cloud whether it is at rest or in transit. From website Secure Sockets Layer (SSL) certificates to site-to-site Virtual Private Network (VPN), or sending messages through encrypted web applications, or even full disk encryption, Wildcard knows how to secure your data. We work with you to determine what will protect you best.

Two-Factor Authentication

Give your users peace of mind by protecting your accounts with two-factor authentication. Wildcard is the author and maintainer of Factored [code, documentation], the open source two-factor authentication web application. We have also contributed two-factor integration to the KARL knowledge management system as well as various other platforms.


Be sure if there are ever network or system failures, there is a copy of all your systems and data in another location ready to go immediately. Wildcard has deployed robust and scalable failover replication to high profile clients such as the FBI.


Just like you have a driver's license number or a social security number, web addresses have their own unique numbers as well. In order to reach a website like, your computer has to translate the web address into it's unique number. The system that does this is called the Domain Name System (DNS). A problem that has recently been growing is that an attacker can use the DNS to send you to a fraudulent website that appears legitimate. We deploy secure DNS solutions by using the Domain Name System Security Extensions (DNSSEC) platform. DNSSEC helps prevent attackers from using this technique against you.

Web Application Security

Protect your web application with an advanced web application firewall (WAF) that automatically rejects known cross-site scripting (XSS), cross-site request forgery (CSRF), and Structured Query Language (SQL) injection attacks. Achieve DDoS protection with advanced caching and content delivery network (CDN) integration. Wildcard is an expert in providing all these solutions.

Standards Compliance

We strive to comply with as many cybersecurity standards as possible to provide the most comprehensive protection available to our clients. 

Using Wildcard's Castle Cloud, customer are able to understand the robust controls in place at Wildcard to maintain security and data protection in the cloud. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, the Castle Cloud allows customers to establish and operate in a secure environment.

Wildcard is in the midst of securing the U.S. Federal Risk and Authorization Management Program (FedRAMPsm) Authorization to Operate. The FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standard and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

The Castle Cloud currently follows the security requirements that address confidentiality, integrity, and availability of information services. Castle Cloud evaluates to a moderate impact system and has in place all of the regulatory controls that come with that level. The Castle Cloud meets guidelines outlined in FIPS-199, DOJ Order 2640.2F, NIST SP 800-53, and FIPS 104-2.