Application Security Assessment
An application security assessment is a crucial part of every companies software development life-cycle. Organizations often face the difficulty of finding an experienced team of analysts to conduct a high quality, intensive and non-automated application security assessment. It’s true we have built a strong reputation in vulnerability discovery, exploit development and penetration testing services as well as teaching others how to do the same. As this is our area of expertise, we are perfectly suited to use our extensive knowledge for your next application security assessment. In most situations a client requests our assessment services for the following reasons:
- Before making a large software purchase, organizations often engage with us to evaluate security of the proposed third-party software. Results of their application security assessment is used in addition to other factors to make purchasing decisions.
- An organization with applications developed in-house and destined for commercial or private use will bring us in as part of their software development cycle. Results of the assessment are used to improve the overall security posture of their product prior to its public release.
In both cases, our expert security team conducts an in-depth vulnerability analysis of the target application. Our comprehensive application security assessments are conducted using all necessary methodologies, including reverse engineering, protocol analysis of legitimate traffic and protocol fuzzing, as well as manual traditional and custom attacks against the exposed attack surface. In cases where interaction with the developers is possible, Offensive Security makes use of all communication channels extensively. In any case, our application security assessment services offer companies the confidence and expertise needed for secure software deployment across their organization.
Want to see some of our previous work or better understand our skill set? When possible, we document public research we conduct and release this information as a blog post. Check out the articles below for a small sample of our work.
Extensive Assessment Reporting
Once your application security assessment is complete we’ll deliver a comprehensive report, including highly detailed and chronological descriptions of all discovered issues. In many cases our reports include custom-developed exploits used to demonstrate discovered vulnerabilities and video presentations of those exploits in action.
Specializing in web application security and Windows based software on a variety of technologies, our expert security team has a proven track record. We deliver exceptional results across a wide range of targets from commercial, banking and law enforcement to other government organizations. Find out the difference our application security assessment services can make for you!