Application Security Assessments

Every organization contains web based and mobile applications integrated into business functions in nearly every organization. Vulnerabilities in these applications are increasingly popular attack vectors to penetrate network boundaries and steal sensitive information. To mitigate against these threats, effective security assessments (vulnerability assessments and penetration tests) need to be built into every application life cycle. Our staff has extensive experience conducting security assessments of custom-developed and third party applications for both commercial and government agencies.

Altonace’s Application Security Assessments are designed to identify weaknesses in applications for all operating platforms. Our approach utilizes the latest commercial automated application vulnerability scanning tools in conjunction with manual analysis of application logic, and susceptibility to common application attack vectors and insecure software development practices. Our results are designed to be comprehensive, repeatable, measurable and transparent to ensure the root cause of application weaknesses are understood and correct remediation actions can be taken.

Methodology

Radiantere performs application security assessments (vulnerability assessments and penetration tests) to identify code flaws, session management issues, application authentication processes, business logic, and input validation issues. We utilize best practices for application security testing including the relevant Open Web Application Security Project (OWASP) testing guidelines.

Our testing methodology encompasses the following technologies:

Web Applications – In-depth review of web-based applications across multiple access levels and application/system interconnections

Mobile Applications – Authentication and Access Control testing, data security, and network traffic analysis against iOS, Android and Windows Phone applications

Web Services – Evaluation of web-based application program interfaces (APIs) for security issues common in application interactions

Our application security assessments consist of:

Open Source Analysis – Utilize search engine modifiers to identify hosts, application versions, and implementation strategies for similar web applications

Network Mapping & Discovery – Identify services, applications, and vulnerabilities within an infrastructure to aid in understanding targets and detecting protection mechanisms

Application Mapping, Fingerprinting & Enumeration – Map hosts and web applications, determine the application footprint, create an application life cycle and analyze the source code

Application Vulnerability Identification, Exploitation & Analysis (Web, Web API, or Mobile) – Attempt vulnerability identification (both automated and manual) and exploitation of the application, focusing on the OWASP Top Ten vulnerability categories, and analyze the risk of identified vulnerabilities by demonstrating attacks