Application Security Assessment & Penetration Testing

Challenge

Application security is frequently overlooked during security planning. Developers are under pressure to bring custom applications online quickly and security can suffer in the process. Many of these applications store sensitive data that needs to be protected even when sharing information across extranets and over the Internet. Unfortunately, the market for stolen personal information, credit card numbers, Social Security numbers, and passwords is flourishing and Internet criminals harvest information from insecure applications that haven't been tested sufficiently. In addition, applications are often subject to government and industry compliance mandates: New York now requires documented proof that vendors have mitigated the SANS Top 25 programming errors prior to working with the state. PCI requires a secure development lifecycle, code reviews, penetration tests, and more. Regulations and standards such as HIPAA, FFIEC, GLBA, ITILv3, and ISO 27002 have general security requirements relating to application security.

Solution

FishNet Security's Application Security Assessment and Penetration Testing provides an extensive and objective security analysis of your internally developed or commercial applications that looks for vulnerabilities that can lead to a compromise of sensitive data. Our service, performed by experienced and credentialed professionals, evaluates current security standards and levels of compliance against existing threats. The end result includes an analysis of application-level vulnerabilities and platform or server misconfigurations, as well as detailed recommendations for remediation.

Benefits

  • Balances time-to-market demands with security best practices
  • Provides documented proof that your applications are secure
  • Identifies application security issues before cyber criminals can take advantage of them
  • Ensures the integrity and security of information assets
  • Increases user confidence that sensitive, business-critical data is protected

FishNet Security's Application Security Assessment and Penetration Testing offering and our cafeteria-style menu of services provide the flexibility you need to customize the engagement to meet your security and budget requirements. Services include:

Application strategy and program development

  • How to complete an application and information inventory
  • Meeting and maintaining application-related compliance requirements
  • Developing internal application security policy, procedures and testing standards
  • Establishing initiative sponsor and stakeholders
  • Defining methods of application security due diligence

Application security penetration testing

  • An in-depth review of application security best practices, including how the enterprise application performs authentication, authorization, encryption, session management, access control, auditing/logging, and configuration management
  • Analysis of an application's security posture in a runtime environment
  • Identification of security vulnerabilities, weaknesses, and other bad practices within the application logic and supporting infrastructure
  • Actionable recommendations for remediation or risk mitigation
  • Performing due diligence on affiliate/business partner applications