Application Security Assessment – Overview

Application Assessment
This engagement is an assessment of the client’s application environment as defined in the client questionnaire. It evaluates the environment as a whole, examining both the supporting network architecture and potential vulnerabilities within the application itself. The methodology follows industry standards, and the application’s existing security controls are measured against the OWASP Application Security Verification Standard (ASVS).

Scope
– X applications 

Activities
– Automated application vulnerability scanning
– Manual verification of scanner findings to eliminate false positives
– Manual exploitation of confirmed findings to establish their actual impact and true risk
– Unauthenticated and authenticated application testing, with authenticated testing performed from up to X distinct user roles to exercise the authorization boundaries between them
– Review of application security controls and policies against the ASVS requirements

Requirements
– Testing windows will be set by the end client
– Written approval for any hosted systems in scope (including systems run by a third-party hosting or cloud provider) is required before testing starts

Deliverables
– Single point of contact (Project Manager) for all tasks and deliverables
– Final Assessment Report describing each identified vulnerability, its severity, and the recommended remediation

Remediation Validation Test
Scope includes a re-test of all High- and Medium-severity vulnerabilities identified in the initial assessment

Activities
– Re-test each in-scope finding to validate that the corrective action remediates the underlying vulnerability, not merely the specific proof-of-concept recorded in the initial report
– Re-testing is scheduled as a single pass once the client confirms that all remediations are complete

Deliverables
– Updated Final Assessment Report marking each re-tested finding as remediated or still open