Web Application Security Assessments
Our goal when performing assessments, and the ultimate value therein, is to identify vulnerabilities at every level of the software stack your application uses and to reduce the total time needed to fix the problems we identify.
When a consultancy delivers a security assessment report, you want the recommendations as well as the overall report to be as granular and specific to each problem as possible. After all, your development staff will have to interpret these recommendations in order to fix each security problem and your security team will need to know how to prioritize each vulnerability.
We offer several assessment options to fit your needs or requirements:
Source Code Review
Our team performs a complete analysis of your application's source code to uncover security flaws, and provides actionable remediation steps.
Our team analyzes a live copy of your application and systematically reviews each security control, searching for weaknesses in application behavior.
A combination of our Dynamic and Source Code analysis allows our team to evaluate all aspects of an application as well as test risk mitigation solutions. This category offers the most precise remediation advice.
Also known as the “Black-Box” assessment. This is a test conducted from the perspective of an external attacker. It illustrates how someone could gain unauthorized access to an application and its internal data.
So how do we do this? It starts with our team, the people who make up our consultancy. Our team consists of security engineers with years of security, software development, and consulting experience. That experience has led our team to create methodologies, internal tooling, and a comprehensive knowledge base of vulnerabilities, organized by framework and language, with accompanying recommendations. Each consultant knows how to identify these issues, has the tooling and methodologies to assist them, and has the experience to effectively communicate resolution steps for each identified vulnerability.
Each assessment report will contain a summary written for executive staff, a summary of the findings and what they mean in terms of overall risk, a resolution strategy, and the vulnerabilities themselves. Each vulnerability is described in detail with attack reproduction steps, risk as determined through CVSS scoring, and granular recommendations that help reduce the total time to resolution.
Whatever your reason may be for performing an application security assessment, whatever type of assessment you decide on, we are confident that our team provides a thorough approach and efficient resolution strategies that will benefit you.