When an organization deploys a web application, they invite the world to send them HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, and intrusion detection systems without notice because they are inside apparently valid requests. Even "secure" websites that use SSL just accept the requests that arrive through the encrypted tunnel without scrutiny. This means that your web application code is part of your security perimeter. As the number, size and complexity of your web applications increases, so does your perimeter exposure.

Accuvant's application security assessment offerings are designed to help organizations identify flaws in their custom and 3rd party or COTS applications that resist detection from traditional assessment techniques. Accuvant application assessors have deep experience in software security, come largely from development backgrounds, and have worked closely with the application security teams for the largest software manufacturers on the planet. Using the skills derived from our many years of experience and proven methodologies defined by organizations such as Microsoft, OWASP, and WASC, our application security assessment services have the ability to analyze software security controls from logical process and procedures, to architecture and design flaws, to code level vulnerabilities that can compromise the integrity of the environment as a whole.

As with all of Accuvant's assessment offerings, Application Security Assessments are highly customizable to meet our client's requirements and the scopes vary largely based on how much access to the target application and supporting environment is provided and targeted for analysis. Ultimately the goal of all approaches are the same-to identify problems in critical applications so they can be corrected before data is lost, corrupted, or stolen. Accuvant comprehensive application assessments regularly include the following components:

• Application vulnerability assessment
• Application penetration testing
• Application architecture and design review
• Server host security configuration assessment
• Database security configuration assessment
• Basic source code assessment
• Comprehensive source code assessment
• Application security threat modeling
• SDLC process and procedure assessment

For more information on Accuvant's application security assessment services, please contact us at info@accuvant.com or call our sales department at 1-800-574-0896