Application Security Assessment
OVERVIEW
A Developer Centric Approach
One of nVisium’s key differentiators in application security assessments is a developer-centric approach to helping clients remediate identified issues. Our Hybrid approach allows nVisium to determine exactly where vulnerabilities occur and precisely how to fix them. nVisium’s team of software and security engineers provides specific remediation guidance in the form of refactored code examples and concrete implementation guidance.
This produces recommendations that are immediately actionable and aimed at reducing the total engineering overhead associated with remediation efforts.

Overview of nVisium’s Hybrid Testing Methodology:
All of nVisium’s application security assessment methodologies cover flaws outlined in both the OWASP Top 10 and WASC Threat Classification and meet the criteria for PCI DSS 11.3.
BEST OF BOTH WORLDS
Application Assessment
As part of our most popular service offering, nVisium will evaluate all aspects of an application and test risk mitigation solutions for a fully comprehensive security assessment. Our Hybrid Application Assessment approach utilizes a multi-step methodology combining the strongest aspects of both static and dynamic analysis to provide the most extensive and efficient assessment possible. nVisium’s Hybrid Assessment, which combines source code review with black box (or dynamic) testing, is what differentiates nVisium and allows for the most comprehensive and effective assessments for our clients. This approach allows for a best-of-both-worlds assessment.


RUNTIME ENVIRONMENTS
Structure vs. Function
nVisium will review the application in its runtime environment in order to learn how the application works from a purely functional standpoint. This allows nVisium to better understand the application, as well as identify key areas where business logic should be thoroughly reviewed. After determining how the application works, nVisium will perform a review of the source code to discern the structure of the code base.
The intersection of Software and Security
nVisium integrates with your team’s existing development processes to help build a more robust software security program within your organization. Each member of our team has an extensive background in both software engineering and security.