The Intersection of Software and Security

Build Reliable and Secure Applications

By integrating security into the development process, nVisium strives to find and help fix security vulnerabilities in our clients' software while teaching our clients the importance of incorporating security from the ground up. We offer a range of comprehensive services to ensure that you and your company are protected from cyber threats, including security assessments, software assurance, and training.

nVisium

Services


Assessments

Contact us

Application Assessments

A standard assessment combines static and dynamic analysis, which allows our team to evaluate all aspects of an application and test risk mitigation solutions. This service also offers the most precise remediation advice.

IoT Assessments

The Internet of Things presents its own unique set of security challenges and requires a broad skillset for assessing. Our IoT assessments identify weaknesses in an entire IoT architecture including software, hardware, API, and web/mobile components.

Network Assessments

Using a combination of automated and manual techniques, our team will identify risks to your systems and networks that attackers could find and exploit. We will provide detailed information on our findings along with recommendations to help remediation efforts.

Mobile Assessments

Our mobile assessments identify weaknesses in how an application interacts with the mobile device, the remote APIs it communicates with, how the application is written, and the libraries it uses to function.

Cloud Assessments

Cloud security assessments of AWS, Azure, or GCP go beyond the simple security issues that are easily detected through automation. We get to know the business purpose behind your architecture, review the design, and begin an analysis of security controls, monitoring and alerting, hardening, and IAM policies and permissions. We are an AWS Partner.

Software Assurance

Code Remediation

Our Code Remediation service was designed to ensure you don't end up with a pile of unresolved bugs and security debt once an assessment is complete. We can integrate with your development team and follow their methodology as we submit the fixed code.

Software Assurance Lifecycle

Development of security processes, standards, guidelines, application risk management, dependency management, and other elements to be integrated into the Software Assurance Lifecycle. An in-depth analysis of the current software security program and related initiatives is performed.

Cloud Security Services

Cloud security review of AWS, Azure, or GCP that goes beyond the simple security issues that are easily detected through automation. We get to know the business purpose behind your architecture, review the design, and begin an analysis of security controls, monitoring and alerting, hardening, IAM policies and permissions. We are an AWS Partner.

Software Security Program

Evaluation of your current software security program and tailored recommendations to improve, grow and mature as an organization. Designed to provide detailed analysis, maturity scoring, and a future roadmap for your software security program based on the OWASP Software Assurance Maturity Model (SAMM) Framework.

Secure Architecture Review

Comprehensive review of the application or system design, including third-party services, data storage and transmission, infrastructure design, and more. The result will not only include a list of security risks, but also guidance to resolve these identified risks.

Security Integration

Integration of manual and automated processes to uncover and remediate security risks. We leverage software tools used for detection of security risks and our secure development expertise to remediate vulnerabilities in your development cycles. Especially critical in DevOps or Agile development shops where speed is paramount and traditional approaches fall short.

Training

On-Demand Training Platform

Our browser-based On-Demand Training Platform is the next generation of training. It is made up of engaging language-specific content, uses an interactive grading engine, meets PCI DSS requirements and aligns with the OWASP Top 10. It can also be integrated with your organization's Single Sign On (SSO) provider.

Instructor-Led Training

We offer instructor-led training, either on-site or virtually, using our state-of-the-art cloud-based training environment. Regardless of the format, our training courses are highly engaging and teach developers how to identify and fix flaws in their own software.

“nVisium’s approach was unique and the team provided actionable findings. They strove to make our application secure and resilient.”

Deltek

Rich Ronston / Director of IT Security at Deltek

“nVisium has a world class application security consulting team that brings unprecedented knowledge, innovation and leadership to help train, advise and assist our development teams.”

CARFAX

“nVisium performed a hybrid mobile assessment and then took those findings to build a custom security training course for our developers. The training was valuable, engaging and helpful for the developers to understand the importance of building secure software from the ground up. nVisium's training resulted in more secure code across the organization.”

Tinder

Tony Trummer / Director of Security Engineering at Tinder

“PeopleNet engaged nVisium to perform an architectural review of one of our in cab devices. The nVisium team was exceptional - very professional, and extremely knowledgeable and engaging. The result was an exceedingly productive and informative review of our device.”

PeopleNet

Kjell Erickson / Director of Vehicle Platform Software at PeopleNet

As an Application Security Provider we understand

We understand that risk mitigation extends beyond periodic assessments, training, and code remediation. nVisium has the capabilities to assist your team in implementing strategies, technology, and policies that align with your organization and development methodologies.

Why Mobile Application Security?

In an era of constant, persistent connectivity, our relationships are becoming increasingly managed by instant communication channels, powered by mobile technologies. There are now more cellular subscriptions than there are people in the world and an estimated 10 billion mobile connected devices in use. The demarcation between business and personal time is no longer clear. We can use FaceTime, Slack, or have a GoToMeeting with clients on our smartphones, all while taking notes, sending emails, and even perhaps playing a little Trivia Crack on the side.

We still love to go on vacations, yet, we still want to remain reachable during our downtime. Since carrying a laptop to the beach is a bit of a pain, we can just throw an iPad or Pixel C device into our beach bag. Our circles, both personal and professional, can now see the stunning backdrop with aquamarine water, sun-drenched sand, or a colorful, tall drink embellished by exotic fruits and a paper umbrella – all thanks to Instagram. Mobile technology enables us to respond from wherever we are, no matter what other things we may be doing. By having this latitude, we are forced into being connected, available, and productive in both our personal and business lives. We now carry a singular, small, smart device that provides us with constant connectivity, allowing us to be tethered to our businesses and personal lives, on-demand.

But mixing business with pleasure not only raises privacy concerns, it opens our business networks to new threats. We have hundreds of mobile applications, of both business and personal nature, which are commingled on our devices. In some cases, they share, replicate, and back up data. This forces us into a tenuous balancing act of having to secure our business data and networks from these smart devices, and also to provide our employees with the flexibility to do their work from anywhere, at any time.

With the gifts technology brings comes the responsibility to ensure that these devices and applications are used safely. By and large, most consumers aren’t aware of the clear and present dangers. To wit, 28% of mobile device users do not use the built-in password or device protections, yet, 80% of people use their smartphones to shop. A user’s sensitive data is stored in a myriad of locations within installed applications such as: in device memory, on the file system, numerous caches, and other built-in mechanisms like autocomplete or pasteboard. Furthermore, users can be tracked through GPS locations that the device may be tracking in contacts, images, map searches, etc. As such, a stolen or pre-owned device can include more than enough data to steal a person’s identity.

Now it’s time to enter the world of mobile application security. I started my foray at a very small boutique consulting firm specializing in application security, as an Application Security Engineer in 2008. At that time, Apple was getting ready to release their second iPhone, the 3G. Google’s first commercially available handset was to be released shortly thereafter. Along with the iPhone 3G, Apple also unveiled their “AppStore” to the world. Although Blackberry had a stronghold on the business market, Apple and Google had other plans. Even back then, I foresaw the critical need to migrate existing application security practices into the mobile world, given the release of the Apple AppStore and the flurry of applications it added to the global market. It took a couple of years for Apple and Google to establish trust with the business world, and by 2010, it was clear that establishing mobile application security expertise to serve our clientele’s needs was required. Just a mere 7-10 years ago, mobile application security was a foreign concept and most clients had not given thought to leave their Blackberry worlds, but I saw the writing on the wall.

I decided it was time to start researching and pursuing mobile application security. From the early days of mobile, I wanted to be involved in creating security practices, evangelizing the need for security with developers and contributing my expertise to both the technical and business sides of the house. The Open Web Application Security Project (OWASP) was a great place to help create application security standards to meet the new world order. A small group of us got together on a grassroots basis and drafted the “Top Ten Risks of Mobile Security” and “Top Ten Controls of Mobile Security.” We quickly determined that most of the threats and controls had to be focused on the data an application or organization may allow, store, or send to and from these devices. Once these top ten lists were drafted, I moved on to serve as an early reviewer of the “OWASP Mobile Testing Guide.” The Top Ten and Testing Guide have evolved greatly since then, but we had to start somewhere!

As an application security practitioner, it is vitally important for me to ensure that businesses and individuals understand the security considerations and the ramifications if they aren’t apparent. The mobile world has evolved into “the internet of things,” or IoT, and I am delighted to be part of this rapidly evolving world with nVisium. I brought my skills and leadership to nVisium back in late 2015 because I believed in the strength of the organization, and the commitment to clients and their application security needs.

A lot of what we do is “break” current architectures to bypass built-in security controls or to expose missing security controls; however, we also help developers and clients understand the root causes and how to fix them. As an example, we were able to successfully bypass authentication and authorization controls to anonymously transfer money from one bank account to another. In another mobile assessment, we were able to successfully perform runtime manipulation and memory analysis of the mobile application to not only find and change the current logged in user’s password but also bypass the TouchID authentication mechanism.

As experts in the fields of mobile application security, nVisium draws upon its combined decades of engineering and security experience to produce practical, scalable and repeatable services that help keep our clients’ software secure and businesses safe. We can integrate into your team’s existing development processes and workflows to help build a more robust security program.
