Case Study: Application Runtime Security Assessment

A case study involving a customized solution for a large financial institution that required performing a security assessment on over 400 internet-facing applications.

Video: The True Danger of XSS and CSRF

This video illustrates the true danger of Cross-Site Scripting (XSS) combined with Cross-Site Request Forgery (CSRF).

Training: Web Application Exploiting & Defending

This course will help students learn key concepts in web application security, the vulnerabilities that exist and how hackers exploit modern-day applications for their own gain.

Description

Our Application Security Experts bring together many years of experience in software development and architecture, allowing us to thoroughly understand your application, your framework and your environment. We instantly grasp how your application has been designed, so we can explain both the strengths and common pitfalls behind implementing certain types of frameworks. In addition, our Experts also lead the OWASP ASVS and OWASP Web Services Security projects, expanding their knowledge well beyond the office.

We begin all assessments with a lightweight Threat Model that will profile your application and help you get a better understanding of the security threats that may compromise your business. This lightweight Threat Model will be referenced throughout the assessment to evaluate the risks that are most important to your business.

Our unique approach combines both an automated and a manual approach to achieving full coverage. We catch any vulnerability that requires a human eye or understanding of the application.

We always focus our efforts on the areas of highest risk. More importantly, we map your web application's technical security vulnerabilities and security risks to specific business impacts. Security Compass presents the root causes of each of these vulnerabilities, helping you to reduce any future vulnerability.

Security Compass' leadership and uniqueness in the industry allows us to extensively model your application with SD Elements in order to provide a repeatable method of creating secure code, architecture, design and testing tasks. To complement your assessment, we provide you with 90 days of free access to SD Elements where we have expertly modeled your application(s). There is no level of mysteriousness to our goal for you as a customer. You will have access to a list of security requirements that are directly relevant to your application, code samples that facilitate remediation activities following the assessment, and testing procedures for your QA Team to consider as part of their test suite going forward. Essentially, we are giving you the tools to turn your current extensive remediation and testing efforts into validation efforts. This reduces your time to market and exposure to threat on an ongoing basis so you don't have to frequently bring in third parties to validate your work. We turn you into security leaders with our guidance and the use of SD Elements.

Security Compass is able to provide a security assessment at any stage of your web application's development. Whether the application is in the planning stage or has been on the market for years, our Assessment Team will identify the key areas of risk within it. Post assessment, we follow up with a Remediation Consultation that makes sure the outlined vulnerabilities are being fixed.

Meet Our Experts

  • Tak Chijiiwa

    Director of Consulting

    Our web application security assessment team has many years of experience helping our clients produce a safe web presence for their company brand while upholding their customers' confidence. Staying involved in the web application security community and continually incorporating new tools and methodologies when performing web application security assessments keep us in tune with the ever-changing web application industry.

    Tak Chijiiwa and Subu Ramanathan are the Mobile and Application Security Service Leads. Outside the office, Tak researches and writes articles about security, most recently as a contributor in the Security News Daily article entitled "How Cybercriminals Empty Your Online Bank Account" (April 24, 2012). Tak brings together a unique blend of IT security, field work as well as business experience to his assessments, providing each of his clients with a clear understanding of the specific components involved in the assessment, the key vulnerabilities and how these may negatively affect the business in both the short and the long term, if left untreated.

Overview

Security Compass consultants are able to assess the application's security from the point of view of a malicious attacker and identify critical breach points, and suggest possible mitigation steps.

Key Business Benefit

Ability to meet regulatory compliance while gaining a deep understanding of your organization's risk exposure through the application.

Methodology

Security Compass' team of experts has years of experience in application security. Our methodology is tried and tested to provide results across multiple industries.
