Application Security Review
Commercial products are used throughout corporate networks, usually with little regard to how secure they are. Often it is thought that if a product is commercially developed then it must have undergone rigorous security testing. Unfortunately this is not always the case.
Application security testing of your products provides customers with the knowledge that deploying your products will not introduce any security issues into their environment. After any discovered vulnerabilities have been mitigated, the produced report can be used as part of product sales by showing customers that your products have been independently reviewed.
While the best advice is to ask a product vendor for the results of an independent security review, these are not always available. Even if they are, how truly independent are the results? The team at Insomnia have reviewed numerous commercial applications, and have the niche skills required to perform this type of specialised work.
- Binary analysis, checking for undocumented commands and the use of insecure API calls
- Web application review, Web services review, Thick client review
- Threat modelling, giving an understanding of application entry points
- File structure review, ensuring that appropriate access requirements are in place
- Network level packet analysis
Full service descriptions, methodologies and sample reports are available upon request