Click below to see more information and then click on the image to go to the selected page.
Threat Modeling: Analyze, Detect and Mitigate vulnerabilities in software
Threat modeling allows you to apply a structured approach to security and to address the top threats that have the greatest potential impact to your application first.
By identifying and rating threats based on a solid understanding of the architecture and implementation of your application, you can address threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk.
Threat modeling has a structured approach that is far more cost efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address. With a random, “shotgun” approach to security, how do you know when your application is “secure enough,” and how do you know the areas where your application is still vulnerable? In short, until you know your threats, you cannot secure your system.
Application Security Testing
Application Security Testing
SECURITY TESTING is a type of software testing that intends to uncover vulnerabilities of the system and determine that its data and resources are protected from possible intruders.
There are four main focus areas to be considered in security testing (Especially for web sites/applications):
- Network security: This involves looking for vulnerabilities in the network infrastructure (resources and policies).
- System software security: This involves assessing weaknesses in the various software (operating system, database system, and other software) the application depends on.
- Client-side application security: This deals with ensuring that the client (browser or any such tool) cannot be manipulated.
- Server-side application security: This involves making sure that the server code and its technologies are robust enough to fend off any intrusion.
Technical analysis of the safety level of IT systems and networks. Complete investigation of the hardware / software systems for security vulnerabilities. Simulation of potential attacks from internal and external perpetrators (intranet, internet).
The detection of security vulnerabilities includes the following sub-processes:
Information Gathering/Preparation of the testing (30%)
- Foot-/Fingerprinting: Obtaining information on the entire Hardware-/Software-System (Blackbox, Whitebox)
- Network analysis
Vulnerability Detection and Verification (30%)
- Vulnerability scanning: review of the entire hardware-/software-configuration to leaks and covert security bugs (security configuration) and verification of vulnerabilities
- Analysis of firewall rules
- Review of the encryption in networks (WLAN, LAN, WAN) and on servers
- Exploiting known vulnerabilities
- Development and review of security strategies: password policies, e-mail policies, firewall, server policies, security mechanisms, security policies etc.
- Determination of safety levels
- Presentation: Preparation of progress (fully documented) results, final report of all investigations with a recommendation for action to enhance security levels
- Conclusive documentation with recommendations to enhance security levels
- Supporting the development of preventive security measures to attack defense and prevention of abuse cases and in the development of a cyclical auditing process to increase the resistance value of IT to continuously and sustainably