Industry research is highlighting that for many organisations, application security is an 'Achilles Heel' in their information security strategy.  To understand their application security exposure, organisations need to test the security of their applications.

Sopra Group's security specialists can provide a range of assurance services to assess the security of your business-critical applications.

An Application Penetration Test assesses the security of a Web-based portal, e-commerce application, internal applications or Web platform to find application level security vulnerabilities.

Using a combination of manual techniques and commercial tools, this service pinpoints specific vulnerabilities and helps identify further underlying problems.  Our clients receive a detailed report that prioritises the issues and that can feed into their risk-treatment process.

The analysis integrates detailed vulnerability and countermeasure information for:

• Authentication
• Authorisation
• Session management
• Data integrity
• Data confidentiality
• Privacy concerns.

Typically, Sopra Group will gain access to an application as if we were a malicious user and, like an attacker, attempt to find and exploit application-level vulnerabilities.  In many cases we will be given a valid user account or possibly a number of different accounts with differing levels of authority in order to fully test the application.

Sopra Group has a wealth of experience, not only in testing the security of applications as part of complex business-critical systems, but also in development, across all major development platforms.  Essentially, we know how systems are put together and we know how to take them apart.  Click here to access our whitepaper on Application Security.

70% of malicious attacks now target application software rather than the underlying infrastructure.  Research has shown that software security code analysis is the most effective way of identifying and reducing application vulnerabilities.  Having agreed the adequacy of the security controls in the design phase, it is therefore important to measure that the controls are realised and effective within the application development phases.

Sopra Group provides rigorous and efficient source code inspection services that allow our consultants to work with our clients to identify detrimental software security problems at the onset or throughout the development lifecycle.

Our specialist consultants utilise both open-source and commercial-inspection tools combined with their manual expertise to analyse static code for policy or best practice violations such as inappropriate cryptography algorithms and common language constructs that can lead to vulnerabilities.  We help our clients design, implement, monitor and support complex security architectures for the delivery of major business applications.

Since complex applications depend on many other supporting technologies such as databases, networks, web and application servers and secure messaging to provide the functionality required by the business, it is important from a security perspective, to understand the role the application plays within the context of the business and infrastructure.

An open-system security review will assess all aspects of a specific business application to determine any security weaknesses.

We will work with our clients not only to conduct an application penetration test but also to provide a suite of tailored security assurance services that can examine:

• Application server security
• Web server security
• Database server security
• Operating system security configuration and patching 
• Network security
• Web services security
• Overall security architecture.