Whether your company develops custom applications in-house or orders them from a vendor, most development teams focus on functionality, with security issues receiving only secondary attention. As a result, custom applications are often highly vulnerable to attacks.
Custom applications frequently automate critical business processes and work with confidential information that must be protected. When security mechanisms are missing, employed incorrectly, or even contain special backdoors left by developers that can be exploited by hackers to gain unauthorized access, the risks to your company can be enormous.
Custom application security tests by Positive Technologies provide your company with independent expert analysis of your source code that measures the risk in relation to known methods of attack. We are unique in our ability to work with huge amounts of source code (tens of megabytes), our deep knowledge of code generated using different technologies, and our highly qualified experts with over a decade of experience conducting custom code analysis for large enterprises around the world.
Our process emphasizes intensive manual testing with additional automated checks to enhance the overall quality of analysis. Our typical testing procedure is as follows:
- Estimate the volume of work (size of the source code used, programming languages used, technology development)
- Analyze source code manually (our experts work on-site at your facility)
- Analyze source code with automated methods
- Identify vulnerable sections of your code
- Evaluate results
- Provide recommendations for eliminating source code vulnerabilities
The key deliverable from our testing includes a report detailing:
- Test methodology
- General conclusions about the quality of the source code and its resistance to known attack methods
- Explanations for all identified vulnerabilities and an analysis of the potential impact on your business if these vulnerabilities were exploited
- Recommendations for source code revisions to mitigate each vulnerability (including code examples)