Applications are at the heart of the business decision making process. They are the core tools used everyday by managers, employees and clients alike. The data they manipulate are vital for the organization. Do your applications get the security attention they deserve ?
Applications nowadays are usually multi-users. Applications' source code are huge and intricate. The transactions they process are more and more complex. Internet based application development is usually out-sourced to third party software vendors that have poor understanding of security, and incomplete quality management processes. Most of the time the applications are extremely insecure before they get audited by security professional third-parties.
FMA can perform Application Vulnerability Assessments to help you check that your applications are in-line with your business' security requirements. We will focus on uncovering security flaws, and will advise on how best to mitigate them. We can help you audit your application's source code, or audit your application using a black-box testing process which does not require the source.
Application Security Assessment and Source Code Review exercises not only help you identify complex security bugs but it also very often helps you indentify and fix regular bugs, leading to more robust applications. Web application vulnerability testing helps your company fulfill security and regulatory requirements.
We do not believe in automated application security assessments. The tools available on the market nowadays are handy, but will never be able to replace senior security consultants with years of experience in software development and security. While these tools do a perfect job in the simplest cases (trivial applications were the application flow is clear and linear) they yield very poor results and fail to uncover even the most trivial bugs as soon as the application becomes more complex.
We believe consultants who made so many mistakes while they were software developers have learned from them, and are quicker to find these mistakes in other developers' work. Furthermore we believe that security consultants who do not have extensive software development experience will not be able to find serious flaws...
We only use experienced application testers (guru software developers with extended knowledge of security) to perform these assessments.
For further information on our Application Audit service, please contact us.