The Source Code Security Vulnerability Assessment is intended to complement your internal software quality programs. It is a well-defined process that analyzes a selected portion of your business application code for security problems. This process makes your network-based application more secure and less vulnerable to attacks by determined intruders.
It has two distinct parts: interactive on-site sessions, followed by an off-site analysis phase.
The duration of the analysis phase depends on your individual needs and can last from several days to several weeks. SystemExperts will work with you to make sure your company's needs are met.
Contact us to learn more and to request your own Source Code Security Vulnerability Assessment.
SystemExperts uses its signature Accelerated Assessment methodology to minimize the burden it places on your budget and resources: for example, we do not require our clients to prepare detailed documentation. Prior to the on-site sessions, we will need a small amount of your time on the phone to answer a handful of basic questions about the code and the functionality of the application.
Based on the answers to those questions, we assign staff with skills specific to your programming language to the project. We also assign staff familiar with overall application architectures, design models, and development practices. Creating effective and secure business applications is not just about the technical details of coding in C or C++, Java or JavaScript, XML, or whatever language is being used; it is about ensuring that the primary business objectives are implemented and supported by the entire application environment.
In all likelihood, we will not audit your entire code base. There is usually no need to go over each and every line of your code to understand the security vulnerabilities of the application. By understanding your application design, we will identify the security-critical set of modules or functions and put those under the microscope.
We will not be auditing you. Rather, together through a series of highly interactive discussions, we will openly explore the strengths and weaknesses of your entire environment in the context of your business, functional, and regulatory requirements.
The sessions are highly interactive, good-natured, and mentally draining. What may surprise you to learn is that they are most often quite enjoyable. We'll bring a small team of consultants, typically two or three. We will choose them based on your particular technical needs (e.g., Windows, networking, databases, application infrastructure, PeopleSoft, ISO 17799 or Sarbanes-Oxley compliance).
Following the on-site sessions, our team will spend an agreed-upon amount of time off-site performing a detailed analysis of the selected code. Depending upon the amount of code to be reviewed, this process generally lasts one to three weeks. During that review, we will look for common security problems and issues such as unvalidated parameters, broken access control, broken account and session management, inappropriate state management, buffer overflows, error handling problems, and insecure use of cryptography. These types of issues are often the reason why Web-based applications are subverted, providing access to back-end systems and data or enabling intruders to masquerade as other users.
The typical business application is the result of a long and complex process: architecture, design, implementation, functional testing, quality assurance testing, production deployment, and maintenance. During the last ten years, we have seen the need for independent, unbiased code reviews increase significantly. The reason for this is that the time-to-market requirements of the fast-paced Web world compress the development cycle. Security issues are often pushed to the side or expected to be remedied in later releases.
SystemExperts has the specific skills to identify security problems in your application code and the programming expertise to recommend practical remedies.
Contact SystemExperts for a consultation on our source code security vulnerability assessments today.