
Application Assessments

A typical Security Assessment identifies known vulnerabilities such as missing patches, default passwords and configuration vulnerabilities in devices and applications commonly found in the enterprise network. An Application Assessment identifies zero-day vulnerabilities in SCADA and other applications that are due to poor software design and implementation.

Digital Bond’s application security assessment service is designed for application and device vendors who are concerned about the security of their products. Our offensive security team will aggressively analyze and attack the system to identify latent vulnerabilities introduced during software design and development.

Ideally, Digital Bond’s third-party application security assessment would be a part of a vendor’s security development lifecycle and occur prior to product release. However, it is also useful for existing applications and devices with high security requirements that will be sold and used many years into the future.

The resulting report and other deliverables will be helpful in a number of ways:

  • It will identify vulnerabilities that can be fixed prior to discovery by attackers, researchers or clients. The earlier in a product lifecycle a vulnerability is discovered, the lower the cost of handling it.
  • The vendor will learn how to better integrate security into their development lifecycle.
  • The vendor will have an independent, third-party application security assessment report that can be shared with clients and prospective clients.

Digital Bond’s Application Assessment methodology includes:

  • Software Design and Development Assessment
  • Threat Modeling
  • White Box Testing
  • Black Box Testing

Digital Bond has a documented Application Assessment Methodology that is available to vendors considering this service. To receive the methodology and get more information on this service, contact Digital Bond.