CYBER-HUNT SECURITY GROUP OF TECHNOLOGY (P) LTD

APPLICATION SECURITY AUDIT

An intensive, technical security test, both unprivileged and privileged, of an application and its associated components from the perspective of an attacker with the skill level of a «hacker / cracker».

The application security audit is a simulated, realistic hacker attack on an application and its associated front- and back-end systems. Web applications, mobile apps, appliances, as well as classic client/server applications may be examined as executable programs or as source code. During the available testing time, all security vulnerabilities are systematically searched for. In contrast to the security scan and the penetration test, privileged tests are also executed, and thus an application security audit is an attack from an insider's perspective. Much of the work is done manually, and the testers put themselves in the role of a hacker. Our security consultants employ the latest methods and tricks that are also utilized by «real» hackers and crackers. The report of an application security audit contains proposals not only for technical but also for organizational countermeasures.

Application Security Assessment is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. We use the OWASP (Open Web Application Security Project) guidelines and the OSSTMM standard to build the assessment checklists. These applications may provide interactive access to potentially sensitive materials. It is vital that they be assessed to ensure that

  • the application doesn't expose the underlying servers and software to attack(s), and
  • a malicious user cannot access, modify or destroy data or services within the system.

Even in a well-deployed and secured infrastructure, a weak application can expose the organization's information assets to unacceptable risk. Visit the following links to gain better insight into our application security related research activities:

  • Advisories of security vulnerabilities we discover
  • Security testing tools that we have developed
  • Articles that have appeared in various publications, highlighting our innovative approach
  • Presentations we have made at various security forums, especially on application security

Application Security Audit: Approach

Besides the usual techniques, the following types of tests are used in an application security audit, if required:

  • Code Review
  • Reverse Engineering (hardware and software)
  • API Monitoring
  • Network Sniffing & Packet Analysis
  • Injection Tests

Cyber-Hunt Approach to Application Security Assessments

Cyber-Hunt uses a number of software-testing techniques (including black-box testing, fault injection, and behavior monitoring), as well as real-world situations to test each application. The NII methodology is as described below:

High Level Design Audit

High Level Design Audit identifies and analyzes:

  • Flow of information throughout the application environment
  • Sensitive data in different sections of the organization
  • Threats to the sensitive information in question

Source Code Audit

In this step the code is reviewed for vulnerabilities and threats that belong to these categories:

  • Cryptography
  • Authentication
  • Session Management
  • Data Validation
  • Exception Management
  • Authorization
  • Auditing and Logging

Black Box Testing

  • Testing Communication Behavior
  • Identifying Fault Injection Points
  • Identifying Client-side behavior of the application
  • Testing interactions with third-party applications
  • File Interpretation
  • Cryptanalysis

Benefits

Application Security Assessments help

  • Secure the flow of information through the application
  • Implement secure coding practices and remove logical and formatting flaws in the application code
  • Embed security right from the design to the execution stage
  • Recognize the existing vulnerabilities and the extent of current and potential damages posed by the application
  • Harden technologies, keeping in mind the involvement of people, which is a key criterion for any strategy to succeed

Above all, the strategies recommended by Cyber-Hunt at the end of the exercise will put appropriate application controls in place.





© Copyright 2013 CYBER-HUNT SECURITY GROUP OF TECHNOLOGY (P) LTD | All rights reserved.