Test your readiness against attacks without risking negative headlines
The repeatable methodology involves a customized approach based on the OWASP ASVS and we evaluate your application based on the required security level:
- Level 1: This is for applications with low assurance needs or those that don’t handle sensitive data. The Canadian Center for Cyber Security recommends that small and mid-size businesses secure their applications based on ASVS L1 at a minimum, and to include this set of controls as a requirement in contractual agreements with software vendors. Testing at this level can be done with a combination of automatic and manual methods without access to source code, documentation, or developers.
- Level 2: Typically appropriate for applications that handle sensitive data, provide business-critical or sensitive functions or industries where integrity is a critical facet to protect their business. This level requires access to documentation, source code, configuration, and the people involved in the development process.
- Level 3: This is for applications that require high levels of security assurance and are considered critical such as those that perform high-value financial transactions, contain sensitive medical data, or used by the military. This level requires more in depth analysis of architecture, coding, and testing than all the other levels.
This results in a clear view of your application’s security stature, highlighting gaps along with information that will help you prioritize the actionable findings. Talk to us to find out more about the value that comes from a thorough Appsec evaluation.