Test your readiness against attacks without risking negative headlines

The continued proliferation of application vulnerabilities shows that development teams are often unsure of their application's security requirements, and that security teams are not performing consistent, comprehensive assessments.
 
As an application goes through its various security assessments (secure design review, SAST, SCA, DAST, pentests, and so on), the findings that emerge from each assessment are very specific to that assessment and fail to provide a holistic view of the application's overall security posture.
 
We at Rhinofense take the OWASP ASVS (the gold standard for application security) and verify an application against up to 286 security controls. The outcome is then compiled and broken down across the 14 security domains ASVS defines for an application.
 
With just one single view, you can measure the level of trust an application provides and plan its maturity roadmap.


Our Methodology

Our repeatable methodology is a customized approach based on the OWASP ASVS: we evaluate your application against the security level it requires:

  • Level 1: For applications with low assurance needs or those that don't handle sensitive data. The Canadian Centre for Cyber Security recommends that small and mid-size businesses secure their applications to ASVS L1 at a minimum, and include this set of controls as a requirement in contractual agreements with software vendors. Testing at this level can be done with a combination of automated and manual methods, without access to source code, documentation, or developers.
  • Level 2: Typically appropriate for applications that handle sensitive data, provide business-critical or sensitive functions, or operate in industries where integrity is a critical facet of protecting the business. This level requires access to documentation, source code, configuration, and the people involved in the development process.
  • Level 3: For applications that require high levels of security assurance and are considered critical, such as those that perform high-value financial transactions, contain sensitive medical data, or are used by the military. This level requires more in-depth analysis of architecture, coding, and testing than the other levels.

This results in a clear view of your application's security posture, highlighting gaps along with the information you need to prioritize the actionable findings. Talk to us to find out more about the value of a thorough AppSec evaluation.