Skip to main content

Application Security Assessments

At SQE Consulting, we believe that what an enterprise does not know can hurt them.

That is why we work with organizations to assess their current applications in order to identify security vulnerabilities. Our security staff uses their knowledge and the latest tools to evaluate and discover the vulnerabilities lurking in your applications. We work closely with you to help you understand the results of the assessment and impact on your organization, including the risks that the vulnerability presents to you. We also help you to understand the implication any vulnerabilities have to the compliance regulations that apply to your applications.

We assess applications used by your organization that were developed internally, outsourced, off-shored, or are off-the-shelf. Internally and outsource-developed applications often come under great pressure to deliver the application without the security testing needed to protect the enterprise and its data. Outsourced and off-the-shelf applications can come from a source that is not fully vested in the security of the enterprise and can even have purposely placed vulnerabilities. Our assessment makes no assumptions about the source of the application and therefore evaluates them equally.

Our assessments include application vulnerability testing, application penetration testing, source code assessment (when available), and architectural risk analysis. We use many methods to find and evaluate an application’s vulnerability through testing, such as using proxies to monitor the input and output of the application. Application penetration testing or pen tests allows us to find how the hacker might try to infiltrate the enterprise through a vulnerability. When the source code is available, we use tools to help find vulnerabilities in the source code and in the data and control flow of the application and how they can be exploited. We provide architectural risk analysis that looks at all the layers of an application and how they interact to find vulnerabilities in their interactions.

Once evaluated, all findings are reported to you. We provide an assessment report showing how and where your enterprise and your applications are vulnerable. We can use the assessment findings to compare your organization to other organizations in order to develop an understanding of the effectiveness of your current application security practices as compared to industry averages.

For more information on SQE Consulting professional services, contact us at jmacnaughton@sqe.com or 904.278.0524 x 212.