APPLICATION SECURITY

Application Security Assessment
Source Code Analysis

Exelcius Technologies' source code review is the process of auditing an application's source code to verify that the proper security controls are present, that they work as intended, and that they are invoked in all the right places.

Source code analysis can be either static or dynamic.

In static analysis, the code is examined without executing the program. This can reveal errors at an early stage of development, often eliminating the need for multiple revisions later.

After static analysis has been completed, dynamic analysis is performed to uncover subtler defects or vulnerabilities. Dynamic analysis consists of testing the program while it runs.

Source Code Analysis Process:

  • Reconnaissance
  • Static Code Analysis
  • Tool Run
  • Manual Review
  • Reporting
  • Recommendations
  • Revalidation

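To make the "examine the code without executing it" idea concrete, here is an added example of a minimal static analysis pass in Python (this is illustrative code, not Exelcius Technologies' tooling). It parses a source file into an AST and flags three common defect classes: dynamic code execution via eval/exec, subprocess calls with shell=True, and string literals assigned to credential-like variable names. The rule set and the SAMPLE input are constructed for the example.

```python
"""Minimal static analysis pass over Python source.

Added example, not part of any vendor's toolchain. It walks the AST of a
source string without executing it and reports a few common defects.
The rules and the SAMPLE input below are constructed for illustration.
"""
import ast

DANGEROUS_CALLS = {"eval", "exec"}  # arbitrary code execution sinks
SECRET_NAMES = ("password", "passwd", "secret", "token", "api_key")


def _call_name(node: ast.Call) -> str:
    """Return a dotted callee name such as 'subprocess.run', or '' if unknown."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


class _Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def _report(self, node, rule, detail):
        self.findings.append({"line": node.lineno, "rule": rule, "detail": detail})

    def visit_Call(self, node):
        name = _call_name(node)
        if name in DANGEROUS_CALLS:
            self._report(node, "dynamic-code-execution", name)
        if name.startswith("subprocess."):
            # shell=True hands the command string to a shell: injection risk
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self._report(node, "shell-injection-risk", name)
        self.generic_visit(node)

    def visit_Assign(self, node):
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and any(
                        s in target.id.lower() for s in SECRET_NAMES):
                    self._report(node, "hardcoded-credential", target.id)
        self.generic_visit(node)


def analyze_source(source: str) -> list:
    """Parse `source` and return findings sorted by line number."""
    checker = _Checker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f["line"])


# Constructed sample input: three defects plus one safe subprocess call.
SAMPLE = '''\
import subprocess
DB_PASSWORD = "hunter2"
def run(cmd, expr):
    subprocess.run(cmd, shell=True)
    return eval(expr)
def safe(cmd):
    subprocess.run(["ls", cmd])
'''

if __name__ == "__main__":
    for finding in analyze_source(SAMPLE):
        print(f"line {finding['line']}: {finding['rule']} ({finding['detail']})")
```

Each finding is a candidate for the manual review step: a tool run like this is cheap and repeatable, but whether `eval` on line 5 is reachable with attacker-controlled input is a judgement a reviewer makes by reading the surrounding code.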
Application Threat Modelling

Exelcius Technologies' methodology for application threat modelling makes it possible to systematically analyse the security of an application: identifying potential threats, ranking their risk and enacting countermeasures to resolve them.

To help you incorporate this best practice into your application development, we use a simple five-step process for application threat modelling:

  • Identify Security Objectives
  • Application Overview
  • Decompose the Application
  • Identify and Rank Threats using threat models such as STRIDE, DREAD, PASTA, VAST, etc.
  • Identify Suitable Countermeasures

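The following is an added worked example of the last three steps (decompose, identify and rank, countermeasure), not Exelcius Technologies' own methodology. It tags each threat found during decomposition with its STRIDE category and ranks it with DREAD, where each of the five factors (Damage, Reproducibility, Exploitability, Affected users, Discoverability) is scored from 1 to 10 and the risk is their average. The threats, scores and the High/Medium/Low bands are constructed for illustration; the bands in particular are an assumed convention that a real programme would set for itself.

```python
"""Worked threat model fragment: STRIDE categorisation plus DREAD ranking.

Added example, not a vendor's methodology. Threats, scores and severity
bands below are constructed for illustration.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")


@dataclass
class Threat:
    asset: str            # component from the decomposition step
    description: str
    stride: str           # one of the STRIDE letters
    dread: dict           # factor name -> score 1..10
    countermeasure: str

    def risk(self) -> float:
        """DREAD risk: mean of the five factor scores, each validated to 1..10."""
        for factor in DREAD_FACTORS:
            score = self.dread[factor]
            if not 1 <= score <= 10:
                raise ValueError(f"{factor} score {score} outside 1..10")
        return sum(self.dread[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)


def severity(score: float) -> str:
    """Assumed banding convention; a real programme sets its own thresholds."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def rank_threats(threats: list) -> list:
    """Highest DREAD risk first."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)


# Constructed threats for a hypothetical web application.
THREATS = [
    Threat("Login endpoint", "Credential brute force with no rate limiting", "S",
           {"damage": 7, "reproducibility": 9, "exploitability": 8,
            "affected_users": 8, "discoverability": 8},
           "Rate limit and lock out after repeated failures; enforce MFA"),
    Threat("Session cookie", "Cookie sent without the Secure flag", "I",
           {"damage": 6, "reproducibility": 6, "exploitability": 5,
            "affected_users": 7, "discoverability": 6},
           "Set Secure and HttpOnly; enforce HTTPS with HSTS"),
    Threat("Audit log", "Admin actions logged without the acting user id", "R",
           {"damage": 3, "reproducibility": 8, "exploitability": 2,
            "affected_users": 2, "discoverability": 3},
           "Record authenticated principal and request id on every admin action"),
]

if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.risk():.1f} {severity(t.risk()):6} {STRIDE[t.stride]:24} "
              f"{t.asset}: {t.description} -> {t.countermeasure}")
```

The ranked list is what drives the countermeasure step: the High item is fixed first, and each row already names the control that closes it, which is the output a development team can act on.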
Application Penetration Testing

Exelcius Technologies Application Penetration Testing is an "ethical attack" intended to reveal the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities.

Web application penetration testing uses manual and automated tests to identify vulnerabilities, security flaws and threats in a web application. The tests apply known attack techniques against the application. The key outcome is to identify security weaknesses across the entire web application and its components (source code, database, back-end network), to prioritise the identified vulnerabilities and threats, and to recommend ways to mitigate them.

The penetration testing process is broadly divided into the following phases:

  • Target Identification
  • Web Application Crawling
  • Web Application Fingerprinting
  • Web Application Scanning
  • Manual Vulnerability Identification
  • Reporting
  • Remediation Recommendations
  • Revalidation