Application Security Assessment

Security Compass works with the client to customize and specialize our approach.

Runtime Security Assessment

As part of our overall security assessment, we can detect security vulnerabilities in the application through a detailed examination of the application in a runtime environment. This allows an organization to emulate the kinds of vulnerabilities that may be exploited by a skilled attacker.

Source Code Review

Our skills and experience allow us to excel in source code review assessments. A review of source code can identify possible gaps in the security of your application. In order to provide the most thorough possible assessment of an application's security posture, we perform this review in tandem with your Penetration Test and provide you with remediation recommendations that are tailored to your SDLC environment.

Threat Model Express

We understand that security may not be a development team’s first priority. Our tool minimizes the process overhead and makes the threat model compatible with fast-paced development processes like Agile.

Mobile Security

We provide a thorough analysis of the mobile application on all major platforms (iOS, BlackBerry, Android and Windows Mobile) to provide you with a complete understanding of your organization's risk exposure within the mobile application. We provide a custom mobile security assessment catered to your company's unique and industry-specific needs.

Secure Development Advisory

Security Compass works with the client to customize and specialize our approach.

SDLC Gap Analysis

Our SDLC experts bring together many years of experience in software development and architecture. We will thoroughly identify every aspect of your application's development, framework and environment, and will accurately evaluate both the strengths and common pitfalls associated with your SDLC program. We will generate a program roadmap to get your SDLC program to an ideal state within the next 2-3 years. While you are on your way to implementing your improved SDLC program, our consulting team will continue to support and guide your efforts as an extension of your company's security team.

Secure Development Standards

We work with your organizational stakeholders and requirement engineers to collect your business goals and drivers, assemble profiles of your existing applications, and draft a reusable set of custom application security requirements. These requirements serve as a baseline from which specific requirements, tailored to a specific application, may be derived.

Application Risk Management

Security Compass works with the client to customize and specialize our approach.

Application Risk Profiling

We triage your application portfolio to derive a set of risk profiles and implement a repeatable risk profiling process for future applications. Our application risk profiling service enables us to work with your organization's application catalogue. We leverage data and asset classification, compliance drivers, and the current threat landscape to derive a prioritized list of high-risk applications.

Surface Assessments (400 apps in 40 days)

Security Compass will assess the web presence exposed by your company from the perspective of an external attacker. This type of assessment is ideal if you are managing hundreds, if not thousands, of internet-facing domains. We will use a lightweight assessment methodology to ensure that each application has been reviewed for low-hanging fruit and will provide you with a report that indicates the identified vulnerabilities in addition to the applications that require more in-depth assessment.

Remediation Guidance

Security Compass's remediation guidance can help to reduce the average age of open vulnerabilities. We liaise with development teams post-assessment to establish and finalize a remediation policy that adheres to the organizational policy. While our consultants focus on addressing needed security fixes, the development team may simultaneously move forward with other tasks, keeping the project on time and on budget. Our systematic approach is both efficient and effective.

Threat and Risk Assessment (TRA)

Our methodology is aligned with industry-known standards such as the Communications Security Establishment – Royal Canadian Mounted Police (RCMP) Harmonized TRA methodology and applicable ISO information security standards. We also extend this assessment beyond a traditional document review and interview; a complete technical confirmation is carried out through various activities such as network, application and system configuration reviews.

Infrastructure Security

Security Compass works with the client to customize and specialize our approach.

Network Penetration Testing

We stay current with the newest network tools, techniques and trends to assess the security of your network from the perspective of both external and internal attackers. In our risk management approach to testing, we ensure that our examination never affects your production environment and can always accommodate the testing of your network during scheduled maintenance windows or after business hours.

Wireless Security

We will familiarize ourselves with your wireless network infrastructure and assess your specific wireless implementation. Our consultants will test for rogue access points and those masquerading as legitimate wireless access spots. In order to fully grade your wireless security profile, we will also identify the physical location of all detected anomalies, document the security posture for reporting and take pictures of any anomalies that are found (if applicable).


Copyright © 2014 Security Compass and SD Elements Inc.
All Rights Reserved.
257 Adelaide Street West, Suite 500, Toronto ON, Canada, M5H 1X9
Mail: 1801—1 Yonge Street, Toronto ON, Canada, M5E 1W7 | 1.888.777.2211 | info@securitycompass.com | Privacy Policy
