Focuses on identifying vulnerabilities on your Applications hosted On-Premises/Cloud and attempt to exploit them.
Aplication Vulnerability Assessment
Perform application vulnerability assessments on the applications to identify security flaws.
Discover exploitable vulnerabilities in web applications and attempt to compromise them. Performed as per OWASP and SANS standards.
Assess the threats associated with the vulnerabilities and breaches observed.
Scope of Assessment
We perform the Vulnerability Assessment and Penetration Testing on the Applications
We perform the Penetration Testing to cover the below OWASP categories
Report of Exposed Vulnerabilities & Threats on the Applications
Report of Assets Breached
Information of Required Patches & Remediation Strategy
Security Posture Improvement Techniques
Focuses on collaborating with your internal teams to understand the architecture of the applications and provide end-end security assessment to ensure best practices are met and security controls in place.
Engange & Collaborate
Engage during the application development lifecycle (preferably) of even after the application development.
Collaborate with application and enterprise architects to design security.
Evaluate amd Implement
Evaluate individual application components of and data flows to ensure security policies are met.
Develop and implement information security stategies during the application development lifecycle.
Identify threats and vulnerabilities that impact the applications some of which are not identified with typical VAPT.
Access risks caused by the threats and the vulnerabilities observed.
Identify the controls in place and their effectiveness to mitigate the risk.
Ensure the controls conform with organization’s security policy and NIST standards 800-37, 800-30, 800-39.
Scope of Assessment
We perform End-End Risk Assessment on
We cover various areas to understand the application architecture to assess the risk
Sample Assessment Review
The assessment process identifies the gaps in the architecture and help the application and architecture teams to design security during the development lifecycle.
Questions to Ponder
- Where is the SSL certificate terminated (on load balancers or web servers)?
- Is PII information displayed or masked on the web interface?
- What is the max session timeout configured on the application?
- Can you create local accounts on the application?
- Where are the passwords stored?
- Is there logging enabled?
- Are passwords hashed?
- Are there any default accounts on the application?
- Report of Vulnerabilities & Threats associated with the Applications
- Report of Risks Identified and Mitigation Controls
- Assess Residual Risk and provide Risk Mitigation Strategy