SecurBay – Application Security Assessment

Ref. Code:	AS-1
Objective	To understand the status of application security versus the real-world scenario by using both manual and automated techniques for assessment
What we do	Pre-Assessment Analysis Information Gathering Identifying OWASP Top-10 vulnerabilities Identifying other critical web application vulnerabilities Identifying Underlying server Infrastructure related vulnerabilities Mitigation Strategies to fix the identified issues Report Generation
Requirements	Sign a Non-Disclosure Agreement (NDA) Provide application details like URL, User Roles, Test User Accounts, etc. Backup of the data on the server/web application needs to be taken before running the test
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks
Suggested frequency	Quarterly

Ref. Code:	AS-2
Objective	To identify syntax errors, configuration issues and flaws in business logic that occurs in application code thereby resulting in a compromised application.
What we do	Pre-Assessment Analysis Information Gathering Understanding the application functionality and architecture. Reviewing application documentation Scan the application source code based on the security checkpoints Identify the potential security vulnerabilities Providing the Mitigation Strategies Report Generation
Requirements	Sign a Non-Disclosure Agreement (NDA) Provide application documentation Provide application source code
What you get	Security Assessment Reports: Executive (for executive managers) and Technical (for IT administrators) reports that include findings and recommendations Follow-up activities to assist in implementing the recommendations and mitigating the risks
Suggested frequency	Half Yearly Before the deployment of a new application

Application Security Assessment