Kaspersky Application Security Assessment
Uncover vulnerabilities in applications of any kind
Overview
Whether you develop corporate applications internally, or purchase them from third parties, you’ll know that a single coding error can create a vulnerability exposing you to attacks resulting in considerable financial or reputational damage. New vulnerabilities can also be generated during an application’s lifecycle, through software updates or insecure component configuration, or can arise through new attack methods.
Kaspersky’s Application Security Assessment Services uncover vulnerabilities in applications of any kind, from large cloud-based solutions, ERP systems, online banking and other specific business applications, to embedded and mobile applications on different platforms (iOS, Android and others).
Whether you develop enterprise applications internally or purchase them from third parties, you’ll know that a single coding error can create a vulnerability – a vulnerability that can expose your business to attacks and result in considerable financial and reputational damage. New vulnerabilities can arise during an application’s lifecycle through software updates or insecure component configuration, as well as through new methods of attack.
Service Scope and Options
Applications assessed can include official web sites and business applications, standard or cloud based, including embedded and mobile applications. The services are tailored to your needs and application specifics, and may involve:
Black-box testing
Emulating an external attacker without prior knowledge of the application's internal structures and workings.
Grey-box testing
Emulating legitimate users with a range of profiles.
White-box testing
Analysis with full access to the application's source codes.
Application firewall effectiveness assessment
Testing with and without the firewall enabled to verify whether potential exploits are blocked.
Application Security Assessment Services
Combining practical knowledge and experience with international best practices, our experts detect security flaws which could expose your organization to threats including:
- Syphoning off confidential data
- Infiltrating and modifying data and systems
- Initiating denial of service attacks
- Undertaking fraudulent activities
Following our recommendations, vulnerabilities revealed in applications can be fixed, and such attacks prevented.
About kaspersky’s Approach to Application Security Assessment
Security assessments of applications are performed by Kaspersky security experts both manually and through applying automated tools, with full regard of your systems’ confidentiality, integrity and availability and in strict adherence to international standards and best practices, such as:
- Web Application Security Consortium (WASC) Threat Classification
- Open Web Application Security Project (OWASP) Testing Guide
- OWASP Mobile Security Testing Guide
- Other standards, depending on your organization’s business and location
Project team members are experienced professionals with a deep, current practical knowledge of the field, including different platforms, programming languages, frameworks, vulnerabilities and attack methods. They speak at leading international conferences, and provide security advisory services to major vendors of applications and cloud services, including Oracle, Google, Apple, Facebook and PayPal.
Delivery Options
Depending on the type of security assessment service, your systems specifics and working practices, security assessment services can be provided remotely or onsite. Most services can be performed remotely, and internal penetration testing can even be performed through VPN access, while some services (like wireless networks security assessment) require an onsite presence.
Pricing Notes:
- Pricing and product availability subject to change without notice.