Application Security testing focuses on identifying application and configuration vulnerabilities that could lead to security issues. The goal of the security assessment is to identify as many potential security vulnerabilities as possible.
Planning
Planning consists of a kickoff meeting via a conference call with the client to go over the security assessment process. General rules of the application security assessment service will be discussed, and key milestone dates will be specified.
Information Gathering
Independent research will be performed to acquire information about the application. This research will result in obtaining an overview of the functionality of the application and any associated vulnerabilities.
Manual and Automated Testing
Testing of both the server-side and client-side applications will consist of of both automated commercial application assessment tools as well as other freeware tools. Discovered vulnerabilities will be further analyzed using manual procedures as needed.
Vulnerability Research & Analysis
Using the information gathered by the automated and manual testing, vulnerabilities will be further researched using commercial databases and open vulnerablity databases.
Remediation Testing
A remediation assessment of the application will be conducted after the recommendations from the original assessment are implemented. The remediation test phase will be conducted with an emphasis on determining if the original vulnerabilities have been eliminated.