Application Vulnerability Assessments identify the security vulnerabilities within an application, reducing the risks of a real world attack. Application Vulnerability Assessments are integral to a systematic and proactive approach to web security that reduces the risk associated with application level attacks (e.g. Cross-Site Scripting, SQL Injection) and ensuring compliance with relevant standards, laws & regulations.
Key steps in an Application Vulnerability Assessment include:
- Leveraging an open-source or commercial application vulnerability assessment tool to discover known application security vulnerabilities
- Formal reporting on the process, gap analysis, relevant findings, and mitigation roadmap. Where possible the report will also include: root cause analysis, peer-group benchmarking, good practice benchmarking, executive summaries, and technical summaries.
The benefits of an Application Vulnerability Assessment are:
- Quickly identify configuration errors, default settings, coding errors, and patch management issues
- Capable of being run on automated, regular basis to provide baseline and ongoing vulnerability management metrics
- Can be used to focus Application Penetration Testing activities on those areas of greatest concern.
Application Vulnerability Assessments are best used:
- As a quick and inexpensive means of assessing the risk associated with an application
- As part of an ongoing vulnerability/configuration management program, especially in demonstrating compliance with relevant standards and regulations
- To assess less critical applications (i.e. applications with a low risk profile) where the risk does not justify hands-on testing
- As an information gathering mechanism to focus penetration testing or code reviews
Pivot Point Security provides thorough, effective Application Vulnerability Assessments for business of all sizes. Contact us for more information on assessing your applications and keeping your business secure.