Security Assessment: Application Security

Spentera's application security services provide a comprehensive approach to understanding application exposure and focus on application security from the development phase through to production. We have a comprehensive suite of application security services to help you not only identify application flaws, but also cultivate a security-savvy development environment. We provide tools and techniques to identify application security flaws and the expertise to provide strategic and tactical guidance to reduce overall risk.

Web Application Testing

Using the most advanced exploitation techniques, our analysts rigorously test your applications for vulnerabilities. Our testing methodology is based on the OWASP Testing Guide methodology and covers all common tactics, such as SQL injection, request forgery, and application flow errors (business logic), along with some zero-day test techniques that we have.

Mobile Application Testing

Spentera has created a mobile testing methodology that combines research-driven guidance based on the OWASP Application Security Verification Standard (ASVS) and the OWASP Testing Guide methodology. Spentera also provides verification and validation across all major control categories, including use of cryptography, authentication and authorization, session management, access control, and malicious input validation.

Our Approach

Threat Modeling

Spentera identifies the likely threat agents and vulnerable components associated with the application. We work together with your team to produce a holistic view of the application and use the results to list possible vulnerabilities and to identify the assets most likely to be targeted by an attacker, what their value is, and what the impact of their loss would be. This task includes:

  • Interviews with client subject-matter experts
  • Reviews of specifications, schema, and design documentation
  • Compilation of collected data
  • Attack scenario and planning

Application Assessment

After all the information has been gathered, we perform the application security assessment using the following approaches:

Semi-automated and manual scanning

Because automated tools often produce false positives for possible vulnerabilities, Spentera does not depend fully on the commonly used automated tools. Instead, we combine multiple testing techniques rather than relying on tools alone. The expected result is a comprehensive result after going through the process of automated testing and manual verification.

Manual exploit testing and research

The use of exploitation tools sometimes adversely affects the application, database, system, network, or other tools. To reduce the impact of exploitation, we always explain and ask for approval before exploiting the vulnerabilities found. Whether we exploit a vulnerability depends on many factors (e.g. likelihood, impact, attacker skill). If there is no proof of concept for a vulnerability, we will take the closest available approach to verify it.

Research on new (zero-day) vulnerabilities has always been an interesting challenge; the expected result is the discovery of a vulnerability that has never been found before.

For more information about our services, just contact us and we will be happy to assist you.