Application Security Assessments: A Vital Component of Any Security Program
Business Objectives Met:
- Satisfy regulatory requirements for periodic application security testing (e.g. PCI DSS 6.6 and 11.3.2)
- Discover vulnerabilities that could be exploited to compromise confidentiality, integrity, and/or availability
- Improve coding and change management practices by educating developers and application support teams on how to avoid repeating insecure practices
Service Description
Applications are likely the most vulnerable part of your infrastructure. A recent survey conducted by nCircle found that 58% of 272 IT security professionals said their web applications were less secure than the rest of their IT infrastructure. Further, WhiteHat Security stated that about 70% of the websites it scans are likely to have at least one critical website vulnerability.
In our experience, these statistics grossly understate the problem. Even when scanning tools return no serious issues, our application security consultants have been successful at finding critical vulnerabilities virtually 100% of the time. Worse, they have found and exploited such vulnerabilities in as little as hours of effort.
When purchasing an application assessment, you have to ask yourself a blunt question. Am I doing this to ‘check-the-box’ or am I looking for real-world, high-impact findings? If checking the box is good enough, TruArx recommends a low-cost, tool-driven approach. While such an approach will find some vulnerabilities, today’s application scanning tools are limited in their reach and do not even cover all of the OWASP Top 10. If the application processes large volumes of sensitive data, we recommend a more thorough approach that combines low-cost tool testing with more in-depth testing by our application security consultants.

A TruArx Application Security Assessment reviews applications at the presentation, business logic and database levels to help further identify and demonstrate the seriousness of the vulnerabilities that may exist within an application.
The primary goal of the Application Security Assessment is to provide an analysis of security flaws present in Web-based applications that could allow an end user to retrieve unauthorized information, alter data stored within the application database or perform other unauthorized actions within the Web application. By adding this additional layer of protection to your environment, you help ensure that necessary resources stay secure and available.
