Application Security
commissum's application assurance services offer advice on best practice in security testing & application assurance.
- CREST assured application security testing.
- Comprehensive application security assurance service through the entire software development life cycle (SDLC).
- Objective, independent and pragmatic security advice.
Application Test Issues
Software applications are the reason for using complex computer systems. They are the means of harnessing the power of the hardware, to provide value through functionality. Applications represent the access points to your information assets.
Unfortunately, owing to their complexity and inevitable business pressures during development, applications are frequently the weak points in an organisation's security. Organisations are understandably focused on ensuring that business functional requirements are delivered by developers, and in today's environment, time-to-market is critical for application development. In this environment, it is all too easy to overlook critical flaws in design, code implementation, or underlying vulnerabilities in the commercial components. These commercial components are inevitably part of the application, or part of the environment in which it operates.
Attackers are only too aware of this potential weakness, and application level attacks are increasingly the source of unauthorised access to, or misuse of, systems today. By their very nature, they bypass traditional defences, and are extremely difficult to detect.
There is therefore always a delicate balance to be struck between functional requirements, business needs, and security risk. commissum is able to provide comprehensive application security assurance services that include design assurance consultancy throughout the development lifecycle, development audit, critical phase review, code review, and specialist security application testing.
Approach
Ideally, a client will engage the services of commissum's security assurance specialists at the earliest phases of a project. It is significantly more cost-effective to design with best-practice security in mind from the start. However, the knowledge and skills of the commissum team can be applied at all stages, particularly as independent security testers as part of system proving.
The approach taken to any assignment can be either "Black Box" (limited prior knowledge) or "White Box" (full application knowledge), although ideally a combination of both approaches is used for greatest effect.
Depending on the agreed scope, the following elements may be included in testing:
- Test non-essential functions exposed to users or other applications.
- Monitor network traffic for the transmission of information that would benefit an attacker.
- Test for a wide range of typical vulnerabilities, including the OWASP Top Ten.
- Test for resilience to malformed or unexpected data input.
- Review system software for known security flaws and common coding errors.
- Check the infrastructure implementation for secure operation.
- Test that the application is not prone to "fail open" when a component or check fails.
- Check the protection of sensitive information and administrative functions.
Application test customer benefits
commissum provides:
- A concentrated pool of security-focused resources to advise on best practice security implementation.
- Objective, independent, current security knowledge of a wide range of commercial software and applications.
- Comprehensive testing of bespoke applications by drawing on concentrated security knowledge to devise tailored threat scenarios: thinking like an attacker is different from thinking like a user.
- Advice on best practice measures and corrective action required to improve security deployment and integrity.
- Independent expert assurance that applications and processes are able to resist a range of attacks.
- Confidence that the system will not make headlines as a hacker's, criminal's or terrorist's latest victim.
commissum is able to recommend hardened configurations for system components that enable required functionality, while disabling unneeded features and improving integrity and resistance to attack.
"commissum provided us with a high quality service. We found the project team helpful and flexible in responding to changes in requirement; the technical staff in particular were excellent. All commitments including deliverable timescales were met and I would have no hesitation in recommending commissum."
Mr A Moretti, Executive Director for IT Security Risk Management, Global Investment Bank