Application Security
Enterprise reliance on software applications for automation, efficiency, and precision has been a massive opportunity and risk. Software has penetrated every aspect of our lives in a very subtle and transparent way. We rely on our smart phones, tablets, and computers to do our daily work. Moreover, we are also heavily reliant on software. Customers, business partners, employees, and regulators are demanding that software security not only ensure data security but also preserve critical business functionality. Regulators such as PCI, SOX, GLBA, HIPPA, and PHIPA require that organizations manage software security risks.
As a recognized leader in Secure Software, RiskView’s Application Security team has been serving major financial institutions and important organizations with their software security. We understand your business, your threats, and your regulatory requirements. RiskView’s Application Security team can assist you with the secure design, development, and testing of your application.
Our in-depth industry knowledge combined with our technical security expertise can help you identify and mitigate your software vulnerabilities.
Our application security services include:
- Application Security Accelerator Framework: this is an efficient and cost-effective package of services that accelerates enterprise application security
adoption. - Application Security Vulnerability Assessment and Penetration Testing: these assessment and testing services include the following:
- Threat Modeling
- Security Requirements Review
- Architecture and Design Review
- Code Review
- Security Testing
- Implementation Review
- Maintenance and Audit Review
- Fraud Detection and Forensic Analysis
Our Business Partners and Resources:
RiskView’s Accelerator framework along with commercial and free tools can efficiently secure your enterprise applications (legacy, web, or mobile applications alike):
- HP Fortify & WebInspect: A commercial bundle of static and dynamic application security assessment tools. HP is a business partner of RiskView.
- IBM AppScan: A commercial dynamic application security assessment tool. IBM is a business partner of RiskView.
- OWASP: RiskView team has been contributing to OWASP since 2001.
- NetSparker Community Edition: A free web scanning tool.
- Wapiti: A free opensource web application security tool.
- Skipfish: A free web application security reconnaissance tool.
- Watcher: A free plugin for fiddler.
- WebScarab: A free HTTP proxy with the ability to view and fuzz parameters.
- Acunetix: A commercial tool with a free version.