Application Security Assessment
Application Security Assessment is an in-depth analysis of your end-to-end application architecture.
The Quick Read
Who Needs an Application Security Assessment?
Companies that leverage Internet application architectures should conduct regular application security assessments as part of their security vulnerability management strategy.
Companies that provide information, data access, data input or data management via internal or external applications should assess application controls for security vulnerabilities.
Companies that leverage e-commerce or point-of-sale applications should perform application security assessments to validate the security functionality and embedded security controls.
What is Application Security Assessment?
Application Security Assessment is an in-depth analysis of your end-to-end application architecture. It includes a review of the application's architecture design, its design and function, its development and maintenance processes, its operational management processes and its technology components, in order to understand the system configuration. Arsenal application security experts will conduct application vulnerability scanning and penetration testing to determine potential exposures that may lead to information leakage or application and system breach.
Components included in an application security assessment are:
Review of application design and component architecture
Review of security functional and nonfunctional design requirements
Application architecture segmentation and n-tier architecture analysis
System vulnerability configuration analysis
Internal and/or external application scanning and penetration testing
Detailed findings and recommendation reporting
Application Security Assessment Engagement Process and Deliverables
After an initial call, the Arsenal Security Group Senior Information Security Professional will prepare a statement of work within 2 days, and we can normally begin an engagement within two weeks. Prior to the workshop, we will meet with the company contact to develop the key questions to be covered in the workshop, identify the participants and establish the baseline knowledge of the group. One of our Senior Information Security Professionals will lead the engagement, working with one of our QSA-certified auditors. We will provide a written executive summary and a detailed report of the key findings, recommendations and any conclusions reached. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.
About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Information Security Professionals will be the primary contact for all engagement activities. We proactively conduct weekly calls with our clients when engaged and meet with clients on a quarterly basis to review and understand their security posture, even when we are not actively engaged on an assignment, to ensure they are aware of new security risks or regulatory changes that may impact their business.