Kaspersky Application Security Assessment
Overview
Whether you develop enterprise applications internally or purchase them from third parties, you’ll know that a single coding error can create a vulnerability – a vulnerability that can expose your business to attacks and result in considerable financial and reputational damage. New vulnerabilities can arise during an application’s lifecycle through software updates or insecure component configuration, as well as through new methods of attack.
Emulating an external attacker without prior knowledge of the application's internal structures and workings
Emulating legitimate users with a range of profiles
Analysis with full access to the application's source codes
Testing with and without the firewall enabled to verify whether potential exploits are blocked
Case Studies
Eхplore examples of Kaspersky Lab security solutions at work in the field
Merkeleon
Starting in 2009 Merkeleon has developed innovative platforms for marketplaces, online auctions and cryptocurrency exchange. With Kaspersky the company has achieved great synergy between crypto development expertise and in-depth knowledge of cyber threats and security algorithms.
World Chess Federation
In February 2017 FIDE, World Chess and Kaspersky Lab jointly announced a cybersecurity partnership, initially embracing the two-year World Chess Championship cycle in 2017-18.
The Use
Kaspersky Application Security Assessment helps to:
- Prevent financial, operational and reputational loss by proactively detecting and fixing the vulnerabilities used in attacks against applications
- Save remediation costs by tracking down vulnerabilities in applications still in development and testing before they reach the user environment where fixing them may involve considerable disruption and expense
- Support a secure software development lifecycle
- Comply with government, industry and internal corporate standards, such as GDPR or PCI DSS
Vulnerabilities which may be identified:
- Flaws in authentication and authorization, including multi-factor authentication
- Code injection (SQL Injection, OS Commanding, etc.)
- Use of weak cryptography
- Logical vulnerabilities leading to fraud
- Client-side vulnerabilities (cross-site scripting, cross-site request forgery, etc.)
- Insecure data storage or transferring, for instance, lack of PAN masking in payment systems
- Disclosure of sensitive information
- Other web application vulnerabilities
Results are detailed in a final report and include:
- Detailed technical information on the assessment processes
- Vulnerabilities revealed and recommendations for remediation
- An executive summary outlining management implications
- Verification of compliance with international standards and best practices
- Videos and presentations for your technical team or top management can also be provided if required
Related to this Service
Let’s Start the Conversation and talk to one of our experts about how True Cybersecurity could inform your corporate security strategy, please get in touch.