Websecure Basic
Basic Application Security Certification - This model is designed for customers who would like to have an independent agency certify that their application has been audited for application level security using a specific Application Security audit tool. This engagement typically consists of a small eWorld team engaged for a period of 15 business days after eWorld team has been provided with a stable application version depending on the complexity of the application. A typical lifecycle of such an engagement looks like this:
• Application configuration: Applications need to be tuned or modified in certain ways for the Security test pass. For example, most applications disable an account in case of too many failed logging attempts - this functionality has to be turned off before starting Security Testing using an automated tool.
• Audit Planning: Determine what testing should be done using the tool's automated scanning mode and what should be done using a manual (but tool-based) scan.
• Audit Execution.
• Interpretation of Audit Results: Audit tools produce a large set of results that needs to be analyzed so that false positives are eliminated.
• Reporting: Prepare a report that provides an assessment of the security preparedness of the application
As a deliverable for this package eWorld provides a comprehensive report and a presentation to the appropriate CXO level audience.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment