Application Security Assessment - WHAT is it?
An application security assessment can be compared with a penetration test, but it focuses on the application layer and goes much deeper.
It is carried out by a team of application security experts using a combination of automated tools and manual tests. The assessment’s purpose is to identify vulnerabilities in the application, estimate the probability of them being exploited, and provide a risk profile for the application components.
Drawing on their own knowledge and experience, our analysts exploit logical errors in the application, as well as coding errors, to gain entry. They also consider the potential impact of any problems – and help you find ‘proportionate’ solutions.
WHEN do I need it?
Business-critical applications that are ‘interfaces’ for external stakeholders should always be assessed before being distributed – or changed or upgraded.
It’s hard to over-estimate the importance of regular reviews for these applications: what might have been state-of-the-art security a year ago can now be an entry point for a hacker.