Application Security

Applications are under attack more than ever.

Businesses increasingly rely on applications in order to succeed, and application security becomes more and more important as attackers shift their focus to these systems. Many security service providers do not have staff with a background in software development who truly understand how applications work and how to properly protect them. Forward’s application security team is made up of ex-software developers who have the knowledge and experience required to work with you at all stages of the application lifecycle to ensure your systems are well protected.

Application Security Risk Assessment (incl. Mobile)

Applications should be assessed so issues are known and mitigated. The depth and breadth of an assessment depend on the criticality of the app to the organization. We take a risk-based approach, following OWASP’s ASVS and Testing Project as well as other standards and our custom methodologies, to offer Basic, Standard, and Advanced application security assessment services for web, mobile, or other types of applications.

These may include a design baseline, threat modelling, automated and manual testing, and code analysis, depending on the level of service. If someone offers “pentesting”, be sure to ask what is provided and how: you may get an automated scan and a list of issues that are not prioritized by impact to your business, rather than the right type of assessment for your application, focused on where the impact to your business can be reduced most.

Optional Add-ons
  • ASVS levels can be increased as required.
  • Threat modelling requires a Security Design Document, or at least data-flow and network/component diagrams.
  • Security Design Baseline can be added to Basic and Standard.
  • Manual or Automated Code Analysis can be added to any service level (requires source code).

[Infographic: Software Security Touchpoints]
We also offer
The following additional Application Security services:
  • Co-managed Application Security.

    Security can be difficult, expensive, and painful, but very necessary. We can help by incorporating security automation tools, Forward’s risk tracking system, and subject matter experts into your organization. This will provide an up-to-the-minute view of your application security risks along with the expertise needed to address the more complex issues. 

  • Application Security Design Baseline.

    Do you know your applications’ security posture, or what controls are in place? We work with your team and apply our design baseline process to document the existing security architecture design and controls that are in place. This prepares your organization for responding to vendors' security questions, and allows for more in-depth security assessments. 

  • Application Security DLC and CI/CD Adoption.

    In today’s fast-moving development environments, organizations can’t afford delays to their application releases, and need to ensure security issues are addressed early to avoid costly band-aid fixes. We can help you incorporate security into all stages of your development lifecycle, including automation to reduce risks.