Application Security Review

Aspect's "Application Security Review" is appropriate for all Internet-facing or intranet applications to get a quick appraisal of their security posture. For deeper assurance, you should consider a Standard Security Verification or a Comprehensive Security Verification.

Over a decade of application security work, Aspect has evolved a unique hybrid verification methodology that has proven efficient and cost-effective across a diverse range of applications and industry sectors. Our reviews are efficient because we've integrated code review with automated code analysis, vulnerability scanning, and application penetration testing to allow us to use the most effective techniques possible.

Our Application Security Review uses this hybrid verification approach, combining the strengths of automated scanning, manual code review, and manual penetration testing. However, unlike our other verification services, this security review is designed to provide quick insight into application security, not a comprehensive analysis. Our state-of-the-art application security analysis, testing, and reporting workbench allows us to keep costs down while providing very high quality.

Aspect has unparalleled experience verifying the security of the code for complex enterprise applications. We verify millions of lines of code every month across a wide range of platforms and frameworks. Over many years, we have tuned our process to be extremely efficient and effective. Aspect has deep experience with virtually all modern software environments and frameworks, including Java, .NET, C/C++, ASP, ColdFusion, Oracle, Struts, Spring, Ajax, RIA, and many more.

In some cases, access to the source code or the running application is not possible. We can still provide a security review for these applications using the available techniques, and the cost is the same. If you didn't develop the code yourself, we are happy to work with your software provider.

The application security review examines the most critical security areas, including authentication, access control, input validation, output escaping, and data protection. This review satisfies the PCI DSS application security compliance requirements, but does not provide as much detail as a standard or comprehensive review.

Aspect's reports include a strategic executive summary, a clear scorecard, and detailed findings that can serve as evidence of application security due diligence and compliance. Each finding includes a full description of the risk, including the likelihood and impact of a successful exploit to the business. We also detail the procedure for reproducing the finding, as well as a detailed description of how to remediate the issue.

Questions?

Interested in learning more about Aspect's application security verification services and approaches? Please let us know.
