
Application Security
Digital Assurance offer a complete range of software and application security assessment services which can be delivered individually or as part of a wider engagement containing a number of elements. Our application assessment services have been developed to provide customers with assurance that the security measures in their bespoke and COTS application deployments are robust and effective whilst identifying where and how improvements may be made. Typical projects range from the assessment of web-based applications to the detailed review of database systems and enterprise business applications such as SAP.
Application testing
Application testing is designed to identify security issues and risks in both bespoke and COTS applications. Such engagements involve a detailed examination of the application's security controls and operational behaviour. Any identified areas of potential weakness are analysed to determine the level of risk that may be posed. Application testing is typically performed on web applications, traditional client/server applications and sometimes stand-alone applications.
Application review
Application security reviews are designed to identify security issues and risks in both bespoke and COTS applications. Such engagements involve a detailed examination of the application's security controls, component structure, technologies employed, operating environment and operational behaviour. All identified areas of potential weakness are analysed to determine the level of risk that may be posed. An application security review seeks to encompass as much of the application development and deployment life-cycle process as possible.
Source code review
A firewall review examines the deployment of a firewall, looking at both configuration and rule-set in an attempt to identify any security issues and where possible improve upon both performance and security by rationalising rules based on business traffic requirements.
Wireless network testing
Level 1: Involves an examination of application source code with a specific focus on application security controls and other key application areas such as code sections exposed to user-controlled data or network communications. Examined code is checked for effective, secure design and functionality, and any flaws or weaknesses are identified.
Level 2: Involves an examination of all application source code. The review includes the analysis of code to determine the presence of any unintended or malicious functionality (back-doors) as well as checking for general secure coding practices and examination of application security controls. Examined code is checked for effective, secure design and functionality, and any flaws or weaknesses are identified.
Enterprise application security assessment
Our enterprise application assessments are designed to examine COTS and bespoke business applications and identify security issues and exposures. These assessments tend to include a more thorough assessment of staff/user roles and data access rights. We have tailored assessment programs designed to assess major enterprise applications including Active Directory, PeopleSoft, SAP, Oracle products and Baan.
Component assessments
Digital Assurance can assess the security of key components within an organisation or infrastructure, including the builds of servers, appliances and gateways (e.g. remote access, virtual private network devices, routers and switches).
Our consultants will review the build of the specific device against best practice whilst always maintaining the specific business requirements for that particular device and complying with both internal and regulatory standards (e.g. Sarbanes-Oxley or Common Criteria) where applicable.