Advise - Assess - Assure Company Services Advisories Publications Events News Room
New Zealand
Tel.:+ 64 9 302 5093
Fax.:+ 64 9 302 5023
e-mail: nz@security-assessment.com
Emerging Technology Assessments Web Application Security Testing PCI Compliance
Continuous Security Assurance Programs Vulnerability Management Application Security Assurance
Application Security Assurance
Attacks against applications are now the main entry points for hackers into systems. We estimate that over 80% of websites have application vulnerabilities that could potentially lead to a major compromise.

Application weaknesses can be directly attributed to insecure coding practices and inadequate security considerations during the development process. While there will always be a residual risk, organisations should reduce web application risks by maintaining a security focussed SDLC and application Assurance Program.
Secure SDLC Services Security Assurance Reviews
Most security issues that find their way into web applications can be resolved if an organisation implements security policies and procedures throughout the SDLC. Our Secure SDLC Services include;
  • SDLC management reviews and security gap assessments
  • Regulatory and Compliance Security Requirements analysis
  • Security and Business Threat Assessments
  • Policies and Standards Control Review and Development (such as Application Security, Secure Coding, System Configuration, Architecture)
  • SDLC Procedures (such as Change Management, Check in, PIR, Code Review , Budgeting, Peer Review Checklists)
  • Templates (Requirements, Design, Test Plans / Cases)
  • Security requirements for outsourced provider contracts
Contact Us for more information
Security Assurance Reviews find application vulnerabilities that can not and will not be identified in traditional functionality testing. They can eliminate the 'back to the drawing board' scenario caused by 11th hour application security tests. Reviews should be undertaken at various stages of the applications design and development to identify and remediate security vulnerabilities and application weaknesses as early as possible. Assurance Services include;
  • Penetration Testing / Web Application Reviews
  • Source Code Inspection
  • Architecture Web Application Reviews
  • Vulnerability Assessments
  • Ongoing Application Assurance
Secure Developer Training
Improve the overall security awareness and capabilities of Application Development teams.
  • Developing Secure Applications for Developers and Business Analysts.
  • Planning and Implementing Secure Application Development Programs - For Project Managers and Business Analysts.
Courses can be run internally or externally. Contact us for a Course Outline or more information
The longer a vulnerability or bug exists in an application the greater the impact and cost to remedy.

IT Security needs to be brought back to where problems originate and where they can be more readily resolved - in the Systems Development Life Cycle.
Key Benefits
Our Application Assurance Program helps organisations to;
  • Minimise Risk & Exposure to Malicious Attack
  • Improve Efficiency and Quality of Systems Development
  • Develop Better, more Robust and Secure Applications
  • Reduce Development Costs
  • Improve Development Team Capabilities
  • Comply with the Payment Card Industry Data Security Standard
  • Satisfy Legal and Corporate Governance Requirements for IT Security
  PUBLICATIONS

Exploiting Web Applications
  INFORMATION

The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source.
  Security-Assessment.com © 2007 | Privacy Policy | Terms of Use