Application Security Evaluation
Application Security Evaluation finds weaknesses in the design and implementation of software. Whether building your system completely from scratch, deploying open source systems, or building systems from other components, Interhack's Application Security Evaluation will show you where there are weaknesses and help you deploy your system safely.
In our engagement we build an understanding of the application's intent and requirements by assessing code, reading documentation, and talking with staff. Our approach addresses eleven critical points, namely:
- Information gathering;
- Configuration and deployment management;
- Identity management;
- Authentication;
- Authorization;
- Session management;
- Data validation;
- Error handling;
- Use of cryptography;
- Business logic, and
- Client interface.
Using application security standards including OWASP, NIST SP 800-66, and other standards relevant to your industry, we show how your application supports or does not provide support for operation within a security-aware organization. Our recommendations provide you the guidance to help you achieve your objectives while properly defending against the inevitable attack.
Started originally as a research group in privacy and security, Interhack has been performing software evanluation since its earliest days in 1997. Our work in the area has been featured in the international media, used to strengthen systems for clients, and used in courts throughout North America.
Please contact us to discuss your concerns and find out how Interhack can help.