Applications should be assessed so issues are known and mitigated. The depth and breadth of an assessment depend on the criticality of the app to the organization. We take a risk-based approach, following OWASP’s ASVS and Testing Project as well as other standards and our custom methodologies, to offer Basic, Standard, and Advanced application security assessment services for web, mobile, or other types of applications.
Depending on the level of service, these may include a design baseline, threat modelling, automated and manual testing, as well as code analysis. If someone offers “pentesting”, be sure to ask what is provided and how, since you may get an automated scan and a list of issues that are not prioritized based on impact to your business, rather than the right type of assessment for your application with a focus on where the impact to your business can be reduced most.