Application Security means different things to different people. However diverse these conceptualization may be, one thing is clear to all those who work on this area – the need to put in place a structured, verifiable, repeatable process to ensure that the application meets the desired degree of security.
Application level flaws, as distinct from network architecture or technology implementation flaws have done significant damage to systems and data in the form of critical data leakage; loss of availability; violation of statutory and contractual obligations; serious impairment of privacy and most importantly, a serious undermining of the strategic advantage of the application itself to the organization owning or implementing it.
Depending on the nature of the application whose security is being evaluated, Valiant will adopt some of the well known standards of application security review practices including those contained in OSSTMM, OWASP and IEEE-P1074.
Key Business Benefits
Realistic analysis of the application's risk in a runtime environment
Significant risk reduction for critical applications prior to public deployment if this process is undertaken in parallel with the Quality Assurance (QA) testing phase
Understanding of risk posed by malicious application users and external attackers
Improved compliance with regulations and control frameworks, such as the Payment Card Industry Data Security Standard (PCI DSS), COBIT, ISO 27001, GLBA, etc.
Application Vulnerability Assessment