Application Security

Application Security Assessments are designed to identify and assess risks to the organization that could result from the deployment of proprietary applications (COTS) OR in-house / vendor developed applications.

• OWASP Top 10 (Open Web Application Security Project)
• Threat Modeling processes such as STRIDE and DREAD
• OWASP’s Software Assurance Maturity Model (OpenSAMM)
• Open Security Testing Methodology Manual (OSTMM)
• Web Application Security Consortium (WASC) guidelines

Our application security assessment methodology is designed around the following well-known security assessment guides such as:

As an example, the domains included are Governance & Compliance; Security Architecture; Risk Management; Training & Awareness; Endpoint Security; Application Security and Defense & Intelligence. The toolkit will then be the property of your organization and you could use it periodically to do your own assessments.
The gaps against each control in each domain are then assessed and in addition, as a value add, the HIDE Consultant will provide your organization with a ‘Maturity Level’ for each control. This will provide critical insight into where you stand and what needs to be done to enhance the maturity level.