Penetration Testing
Application-level

Even after the network is "locked down", critical business applications remain wide open on the ports that must stay open for them to function at all (typically HTTP and HTTPS). Custom business applications, often web based, are generally developed with an emphasis on functionality, with security a distant consideration.

Accordingly, externally exposed business applications often represent the largest single risk to an organization. Increasingly, organizations are turning to independent third parties with expertise in application security to vet critical applications during design and development and both pre- and post-deployment.

There are four broad classes of Assessment that are often conducted in an overlapping manner to ensure the resultant security of a business critical application:

Architecture Assessments

Application Architecture Assessments are the single best mechanism for ensuring the security of the resulting application. By engaging subject matter expertise during the design phase, security and audit requirements can be fully accounted for before development begins. This proactive approach generally pays for itself almost immediately in risk mitigation and in savings on downstream corrective action, since a flaw found in a design document costs far less to fix than the same flaw found in deployed code.

Elements of an Architectural Assessment may include:

  • Requirements Review

  • Control Objectives Review

  • Regulatory Compliance Review

  • Application Risk Assessment

  • Connectivity Review (network & application layer)

  • Security Fundamentals Review (Authentication, Confidentiality, Integrity, Non-Repudiation)

  • Development Plans / Methodology (including review against SDLC)

  • Application Architecture (including language choices, modularization, implementation)

  • Non-Application Level Security (Network layer including IDS, IPS, etc.)

Application Penetration Tests

Application Penetration Testing (APT) is analogous to (and often includes) a network penetration test: an all-out assault on an application. APTs are conducted pre- and/or post-deployment and are intended to uncover the vulnerabilities inherent in an application.

Typical vulnerabilities identified include:

  • SQL Injection - allows reading or altering sensitive data and, depending on the privileges the database runs with, access to the underlying OS

  • Access Control Flaws (Brute Force Potential, Password Flaws, Authentication Bypass (application), Authentication Bypass (data)) - allow direct access to sensitive data

  • Hidden Field Hijacks - allow malicious "eShoplifting" when the server trusts values (e.g. a price) carried in hidden form fields that the user can edit

  • Cookie Poisoning / Manipulation - allows user impersonation when the server trusts cookie contents it has no way to verify

  • Cross Site Scripting - allows attacker-supplied script to run in other users' browsers: site defacement, theft of session cookies, and, in combination with other flaws, user impersonation

  • Denial of Service (Network, Application) - allows the application or server to be crashed or made unavailable

  • Application Architecture Leakage (Forceful Browsing, Error Messages, URL Content Inspection) - gives a malicious user valuable information to be used in exploiting other flaws

  • Third-party Misconfiguration (Apache, IIS, IDEs) - allows server-side exploits, access to the OS, and access to sensitive data

  • Buffer Overflows - allow arbitrary code execution, typically with the privileges of the application process, and from there access to the OS
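The first two items above (SQL injection and application-level authentication bypass) are usually the same finding seen from two sides. The following is an added example, not Pivot Point Security's code, showing a login check written against an in-memory SQLite database two ways: the vulnerable version concatenates user input into the query, so a tautology plus a SQL comment in the username field logs the attacker in as the first user in the table; the hardened version binds parameters, so the same payload is simply an unknown username. The `users` table, the account in it and the payload are constructed sample data, and passwords are stored in clear only to keep the example short (a real system stores salted hashes).

```python
import sqlite3

# Constructed sample data: one legitimate account.
SAMPLE_USERS = [("alice", "correct horse battery staple")]


def make_db():
    """Build a throwaway in-memory database holding SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Authenticate by concatenating user input into SQL (do not do this).

    The resulting statement for the payload below is
      SELECT username FROM users WHERE username = '' OR 1=1 --' AND password = 'x'
    and everything after -- is a comment, so the password check disappears.
    """
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, username, password):
    """Same check with bound parameters: input is data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Constructed attacker input: closes the string, adds an always-true clause,
# and comments out the rest of the WHERE clause.
PAYLOAD = "' OR 1=1 --"


def demo():
    """Run both login functions with legitimate and malicious input."""
    conn = make_db()
    good = ("alice", "correct horse battery staple")
    return {
        "legit_vulnerable": login_vulnerable(conn, *good),
        "legit_hardened": login_hardened(conn, *good),
        "wrong_pw_hardened": login_hardened(conn, "alice", "wrong"),
        "inject_vulnerable": login_vulnerable(conn, PAYLOAD, "x"),
        "inject_hardened": login_hardened(conn, PAYLOAD, "x"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>20}: {result!r}")
```

The parameterized version is the fix the test report should recommend; escaping or filtering quotes is not, because the database's own tokenizer is the only component that knows where data ends and syntax begins.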

The scope of an Application Penetration Test may include:

  • Network Layer

  • Network Segment (DMZ, Extranet)

  • Front-End & Back-End Systems (Authentication Servers, Application Servers, Web Servers)

  • Database
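The cookie poisoning item in the list above is worth seeing concretely, because the fix is cheap and the failure is common. The following is an added example, not the page's own code, of a session cookie that the server trusts as-is, the one-line edit an attacker makes in the browser to become an administrator, and the same cookie protected by an HMAC over its contents so that the edit is detected. `SERVER_SECRET`, the cookie layout and the account names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Assumed server-side key. In a real deployment it comes from a secret store
# and is never hard-coded; this constant exists only so the example runs.
SERVER_SECRET = b"constructed-example-key-do-not-reuse"


def issue_unsigned(user, role):
    """Vulnerable: the cookie is plain text and carries the authorization decision."""
    return f"user={user};role={role}"


def parse_unsigned(cookie):
    """Vulnerable consumer: no integrity check, so 'role' is whatever the client sent."""
    fields = dict(kv.split("=", 1) for kv in cookie.split(";"))
    return fields["user"], fields["role"]


def _tag(payload):
    """Keyed hash binding the payload to SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_signed(user, role):
    """Hardened: append an HMAC so any change to the payload invalidates the cookie."""
    payload = f"user={user};role={role}"
    return payload + "|" + _tag(payload)


def parse_signed(cookie):
    """Hardened consumer: recompute the tag and compare in constant time.

    Returns (user, role) for an authentic cookie and None for a malformed
    or tampered one. compare_digest avoids leaking where the mismatch is.
    """
    payload, sep, tag = cookie.rpartition("|")
    if not sep or not hmac.compare_digest(_tag(payload), tag):
        return None
    fields = dict(kv.split("=", 1) for kv in payload.split(";"))
    return fields["user"], fields["role"]


def tamper(cookie):
    """What the attacker does: edit the cookie value in the browser."""
    return cookie.replace("role=user", "role=admin")


def demo():
    """Issue both cookie styles for a normal user and try the same tampering on each."""
    plain = issue_unsigned("alice", "user")
    signed = issue_signed("alice", "user")
    return {
        "unsigned_tampered": parse_unsigned(tamper(plain)),   # ('alice', 'admin')
        "signed_ok": parse_signed(signed),                      # ('alice', 'user')
        "signed_tampered": parse_signed(tamper(signed)),        # None
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>18}: {result!r}")
```

Two caveats a tester should put in the report alongside this fix: the MAC gives integrity, not secrecy, so the payload is still readable by the client; and a signed cookie that is stolen is still valid until it expires, which is why most frameworks prefer an opaque random session identifier with the user and role kept server-side.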

Application Controls Auditing

Even if the process up to the point of deployment has been flawless, the application is only assured of being "secure" for a brief period of time. That is, the policies and procedures that make up the overall control environment for the application also need to be validated, to ensure that the application will remain secure as it is operated, patched and changed.

The scope of an Application Controls Audit may include:

  • Planning (Risk Assessment, Control Objectives, Requirements Definition, SDLC Compliance, Regulatory Compliance)

  • Network Environment & Management Processes (System Auditing, System Monitoring, Change Management, Patch Management)

  • End Users & Administration (Authentication, Security Awareness, Segregation of Duties)

  • System Interfaces (System Security, Authentication, Data validation)

  • File Handling (Access Control, Integrity, Confidentiality)

  • Backup and Recovery (Disaster recovery & Business Continuity)

  • System Monitoring (System Auditing, Vulnerability Assessments)

  • Input Controls (Data Validation, Boundary Enforcement)

  • Third Party Management (Service Level Agreements, Monitoring)

Code Reviews

For those applications where critical is CRITICAL (life safety, ongoing business operations), code reviews, performed in concert with the other three assessment methodologies, are the most comprehensive mechanism available for assuring the security of an application.

Application code level reviews provide the highest level of assurance of detecting the following application vulnerabilities:

  • Input Attacks

  • Access Control

  • Memory Leaks

  • User Security

  • Buffer Overflows

  • SQL Injection

  • Data Storage

  • Forced Browsing

  • Information Leakage

  • File Access

The scope of a Source Code Review may include:

  • Source Code Scanning - leverages automated vulnerability detection / quality assurance source code scanners that identify potentially dangerous functions and methods used by an application. Scanners find the known-bad call sites quickly but cannot judge whether the data reaching them is trusted, so their output is a work list for the manual steps below rather than a result in itself.

  • Source Code Audit - an independent review of the application source code by our team, to verify compliance with software design documentation and programming standards. This mechanism can often be used to catch inconsistencies inherent in a team-based approach that can cause unexpected logic flaws.

  • Source Code Walkthrough - a manual error detection technique in which program logic is traced by a team with a small set of test cases, while the state of program variables is tracked by hand, to analyze the programmer's logic and assumptions. This methodology is typically used to detect logic errors in an application's most critical processes.

  • Source Code Inspection - a very formal, manual error detection technique in which the programmer reads the source code, statement by statement, to the team, who question and analyze the program logic, check the code against a checklist of historically common programming errors, and analyze its compliance with coding standards. Walkthrough elements are generally included in this approach as well.
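To make the "Source Code Scanning" step concrete, the following is an added example, not Pivot Point Security's tooling, of a minimal scanner of that kind built on Python's `ast` module. It walks a parsed source file and flags three things: calls to a small checklist of dangerous functions, `subprocess` calls that pass `shell=True`, and any `execute()`/`executemany()` whose query is assembled at runtime instead of being a string constant (f-strings, `%` formatting, `.format()` and concatenation all appear as non-constant nodes, so one check covers them all). The checklist and `SAMPLE_SOURCE` are constructed for the example; a production scanner carries a much larger sink list and tracks data flow.

```python
import ast

# Constructed checklist of sinks worth a manual look. Dotted names match
# attribute calls on a bare module name (os.system), plain names match builtins.
DANGEROUS_CALLS = {
    "eval": "arbitrary code execution",
    "exec": "arbitrary code execution",
    "os.system": "command injection if input reaches the command string",
    "pickle.loads": "deserialization of untrusted data",
}
SUBPROCESS_FUNCS = {"call", "run", "Popen", "check_output", "check_call"}
SQL_SINKS = {"execute", "executemany"}


def call_name(node):
    """Return 'os.system' for os.system(...), 'eval' for eval(...), else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def has_shell_true(node):
    """True when the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in node.keywords)


class Scanner(ast.NodeVisitor):
    """Collects (line, call, reason) findings for every call expression."""

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = call_name(node)
        if name in DANGEROUS_CALLS:
            self.findings.append((node.lineno, name, DANGEROUS_CALLS[name]))
        if name and name.startswith("subprocess.") \
                and name.split(".", 1)[1] in SUBPROCESS_FUNCS and has_shell_true(node):
            self.findings.append((node.lineno, name,
                                  "shell=True: command injection if input reaches the string"))
        # Any .execute()/.executemany() whose first argument is not a literal
        # is a candidate for SQL injection; bound parameters keep it a constant.
        if (isinstance(node.func, ast.Attribute) and node.func.attr in SQL_SINKS
                and node.args and not isinstance(node.args[0], ast.Constant)):
            self.findings.append((node.lineno, node.func.attr,
                                  "SQL built at runtime; use bound parameters"))
        self.generic_visit(node)


def scan_source(source, filename="<input>"):
    """Parse source text and return findings sorted by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source, filename))
    return sorted(scanner.findings)


# Constructed sample input: lines 3 and 8 are safe, the rest are findings.
SAMPLE_SOURCE = '''\
import os, subprocess
def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    cur.execute(f"SELECT * FROM users WHERE name = '{user}'")
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
def run(cmd):
    os.system("ping " + cmd)
    subprocess.run(["ping", cmd])
    subprocess.run("ping " + cmd, shell=True)
    return eval(cmd)
'''


if __name__ == "__main__":
    for line, call, reason in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {call}() - {reason}")
```

The scanner deliberately reports the parameterized `execute` on line 3 and the list-form `subprocess.run` on line 8 as clean, which is the distinction a grep for the word `execute` cannot make; what it still cannot tell you is whether `cmd` on line 7 ever comes from a user, and that is exactly the question the audit and walkthrough steps exist to answer.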



Copyright © 2000 - 2008 Pivot Point Security, Inc.   (Privacy)
Call toll-free 888-PIVOT-POINT / 888-748-6876   (Details)