Testing verifies how your application security program is performing. Find out how testing can identify weaknesses and opportunities for improvement.
Manual Application Security Testing (MAST)
It is common to see organizations implementing automated static or dynamic analysis solutions to assess an application for vulnerabilities. A key component often overlooked is a manual application security test. A manual assessment is performed by a user using the application, looking for potential security weaknesses.
Jardine Software specializes in manual application security testing. When we say manual, we mean it. The majority of our testing is performed with just a web browser (or mobile device) and a web proxy. The tester manually interacts with the application, looking at the traffic and current features to identify potential security weaknesses. We do not merely manually crawl the site to feed it into an automated tool. Our manual testing augments what SAST and DAST cover and fills in the gaps with a focus on authentication, authorization, business logic, etc. This helps round out your testing capabilities.
While many organizations do not have the expertise in-house to perform manual testing, Jardine Software can partner with you to help provide this coverage. We provide multiple levels of manual testing to fit small to large organizations.
A vulnerability assessment is an important part of the Secure Development Life Cycle. In most cases, this type of test is performed by a third party during the testing phase or after the application is released to production. The goal is to identify security risks that the application presents to the company. Jardine Software works hard not only to properly assess the application, but also to provide valuable and accurate information for the company to act on. After an assessment is complete, Jardine Software is available to answer questions and work with the client and its developers to fully understand the results.
A penetration test is similar to a vulnerability assessment, but it typically includes exploitation. While a vulnerability assessment does have some exploitation to verify a finding, a penetration test explicitly exploits vulnerabilities to determine how much access is available. This exploitation helps identify the real risk of the identified vulnerability. Penetration tests may be required for certain compliance standards, such as PCI.
Jardine Software’s unique combination of security experience and a strong development background gives us an advantage when it comes to assessing applications. Understanding how applications are designed and how they work makes it possible to find those hard-to-find flaws.
Jardine Software takes a unique approach to performing vulnerability assessments and penetration tests. Unlike most companies that cram the testing into a very short period of time, we provide the option to spread the testing window out over a 30-day period. Extending the testing window allows the testers to discover items over time, not rushing to find issues in a 3-5 day span. It also makes knowledge transfer more efficient.
This method gives the client and Jardine Software time to work through identified issues, providing the flexibility to handle any situation that may arise. Contact us for more details about an assessment of your web applications.