Application Security Assessment – Overview

Application Assessment
Application assessment of the client’s application environment as defined in the client questionnaire. This assessment evaluates the overall environment by examining the network architecture as well as potential vulnerabilities within the application. The methodology follows industry standards and measures the application’s existing security controls against the Application Security Verification Standard (ASVS).

– X applications

– Automated application vulnerability scanning
– Manual verification of findings to reduce false positives
– Manual exploitation techniques to evaluate true risk
– Unauthenticated and authenticated application testing using up to X user roles
– Review of application policies against the ASVS requirements

– Testing windows will be set by the end client
– Prior approval for any hosted systems is required before the start of testing

– Single point of contact (Project Manager) for all tasks and deliverables
– Final Assessment Report describing the identified vulnerabilities and recommendations for remediation

Remediation Validation Test
Scope includes a re-test of all high- and medium-severity vulnerabilities identified in the initial assessment.

– Perform re-testing as needed to validate that the corrective actions remediated the initial vulnerabilities
– Re-testing can only be scheduled once all remediations are complete

– Updated Final Assessment Report showing remediated items