
issues

Applications are the reason for using complex computer systems. They are the means to harness the power of the hardware to provide value through functionality, the access points to your information assets.

Unfortunately applications are frequently the weak points in system security. In today's environment, time-to-market is critical for application development. There is always a delicate balance between functional requirements, business needs, and security risk.

Organisations are understandably focused on ensuring that business functional requirements are delivered by developers. In this environment, it is too easy to overlook critical flaws in design, or underlying vulnerabilities in the commercial off-the-shelf (COTS) components that are inevitably part of the application or of the environment in which it operates.

Attackers are only too aware of this potential weak link, and application level attacks are increasingly the source of unauthorised access to or misuse of systems today. By their nature, they bypass traditional defences, and are extremely difficult to detect via Intrusion Detection Systems.

commissum provides a comprehensive application security assurance service that encompasses design assurance consultancy throughout the development lifecycle, development audit, critical phase review, and specialist security application testing.

approach

Ideally, a client will engage the services of commissum's security assurance specialists at the earliest phases of a project. It is significantly more cost effective to design with best practice security in mind from the start. However, the knowledge and skills of the commissum team can be applied at all stages, particularly as independent security testers as part of system proving.

The approach taken to any assignment can be either "Black Box" (limited prior knowledge) or "White Box" (full application knowledge), although ideally a combination of both approaches is used for greatest effect.

Depending on the agreed scope, the following elements would be included in testing:

  • identification of non-essential functions exposed to users or other applications
  • monitoring of network traffic for transmission of information of benefit to an attacker
  • testing for a range of typical vulnerabilities
  • resilience to inappropriate data
  • review of system software for known security flaws
  • infrastructure implementation for secure operation
  • confirmation that the application is not prone to "fail open"
  • protection of sensitive information and administrative functions

customer benefits

commissum provides:

  • a concentrated pool of security focused resource to advise on best practice security implementation
  • objective, independent, current security knowledge of a wide range of commercial off-the-shelf (COTS) software and COTS-based applications
  • comprehensive testing of bespoke applications by drawing on concentrated security knowledge to devise tailored threat scenarios - thinking like an attacker is different from thinking like a user
  • advice on best practice measures and corrective action required to improve security deployment and integrity
  • independent expert assurance that applications and processes are able to resist a range of attacks
  • confidence that system will not make headlines as a hacker's, criminal's or terrorist's latest victim

commissum is able to recommend hardened configurations for system components that enable required functionality while disabling unneeded features and improving integrity and resistance to attack.


© 2001-2008 commissum