Application Security

Strategic delivers software developers, and entire development teams, with expertise across the full spectrum of application security methods, tools, and techniques.


Application Security Planning Steps

  • Determine the static, dynamic, and interactive testing tools that are appropriate for testing the code being secured

  • Develop a plan to find and fix security vulnerabilities in code as it is developed and implemented throughout the entire software development life cycle (SDLC), so that vulnerabilities are addressed in a timely and thorough manner

  • Detect and manage open source risks in development and production

  • Identify runtime vulnerabilities that expose sensitive data

  • Test APIs and services for security weaknesses and vulnerabilities

Application Security Methods and Techniques

  • Whitebox security review is a code review process in which a security engineer gains a deep understanding of an application by manually reviewing its source code, identifying security flaws and vulnerabilities unique to that application

  • Blackbox security audits do not require access to source code; they are performed with an application testing platform to identify security vulnerabilities from the outside

  • Design review is a manual process done before code is written, typically using a specification or design document; it involves working through a threat model to surface structural vulnerabilities or the absence of appropriate safeguards in the application

  • Tooling consists of automated tools that test for security flaws. The benefit is that they make testing fast and scale well; the drawback is that they often produce a higher false positive rate than manual testing performed by an individual