Application Security
SECUREADY has performed hundreds of application reviews and assessments for a variety of federal and private sector clients. These reviews can be based on the Yellow Book in support of Offices of Inspector General (OIGs), on COBIT in support of General Auditors, or on a variety of laws, regulations, and best business practices. SR has performed traditional application reviews focusing on inputs, processing, and outputs, as well as application reviews focused on breaking web-based applications.
Based on the application security documentation and SR’s understanding of common exploits and/or control weaknesses, a detailed assessment plan is developed to perform the application review within the context of the contracted activities. This can include input controls to the application; web-based edits and weaknesses if the application is web-based; balancing and edit controls if it is not web-based; processing controls; and output controls. The assessment plan also identifies the tools to be used during testing to satisfy the detailed steps of the assessment plan. SR also utilizes its own host-based assessment tools, which are developed based on federal policies and guidance and best business practices. To date, these tools have been used to evaluate hundreds of platforms throughout the world.