Providing comprehensive security assessmentof applications and network infrastructure IBM Application Security Assessment Identifying application vulnerabilities unsecured applications, as attackers Highlights to prevent security breaches are increasingly targeting such appli- Application security is a frequently cations. Without proper security, Identifies application security overlooked component of a security applications are perhaps the most issues before they can be plan. Developers are under pressure high-risk component of any network exploited to bring custom applications of all infrastructure. Due to the sensitivity kinds (such as Web applications, of the information that applications Helps safeguard the integrity customer relationship management may house, the security of applications and security of sensitive, systems, accounting systems, etc.) can also impact compliance with gov- business-critical data online quickly. This often results ernment and industry regulations. Enables secure extension in insufficient security testing and of business applications validation, leaving the applications Safeguarding custom applications vulnerable to exploitation by both IBM Application Security Assessment Helps improve productivity is designed to enable you to balance internal and external attackers. by avoiding application time-to-market demands with security downtime and increasing These applications are designed to best practices. The Application Security user confidence be accessible by customers, partners Assessment provides a targeted code and employees. They frequently house review and a comprehensive vulner- sensitive data that can be accessed ability assessment of the application across networks, via extranets or by and the network infrastructure directly anyone over the Internet. Protecting the supporting the application to determine confidentiality, integrity and availability security weaknesses and misconfigu- of this data is crucial. Recent events rations. Applications are reviewed demonstrate that there is a flourishing from both a technical and nontechni- underground marketplace for stolen cal perspective, revealing security personal information such as credit weaknesses and providing detailed card numbers, account numbers and recommendations for the remediation Social Security numbers. Much of of vulnerabilities discovered. this information is harvested from
Benefits • Determines security weaknesses Enhancing protection through proven• Provides security-rich extension of and misconfigurations through methodology business applications comprehensive vulnerability assess- The IBM Application Security Assessment• Identifies application security issues ment of the application and network is based on a proven methodology that before they are exploited infrastructure directly supporting includes:• Increases real-world perspective into the application hacker techniques and motivations • Conducts technical testing by • Information gathering — investi-• Identifies specific risks to the IBM Internet Security Systems gation of application design and organization and provides detailed (ISS) security experts who have programming from the developer’s recommendations to mitigate them strong backgrounds in software perspective to determine format • Supports user confidence in applica- development with a focus on Web for testing tion security application development • Technical testing — assessment of • Helps prevent application downtime • Provides a targeted, cost-effective the application to uncover security and improve productivity code review to identify areas in vulnerabilities and weaknesses• Supports efforts to achieve and the code that can be improved for • Targeted source code review — maintain compliance with govern- greater security targeted, cost-effective review of ment and industry regulations • Provides a detailed report with the application code that will recommendations for mitigating provide solid recommendations Features discovered risks for improving the code for greater • Assesses application vulnerabilities • Includes support from the IBM security that may jeopardize the confiden- Internet Security Systems X-Force® • Deliverables — detailed report tiality, integrity and availability of security intelligence team, a world on the application’s current critical or sensitive data authority in vulnerability and security posture and detailed • Performs a functional review of the threat research recommendations for remediation application from both a client and of vulnerabilities discovered. server perspective
Why IBM Internet Security Systems? Trusted partnership — We work with your For more informationIBM Professional Security Services from key staff and management to design a To learn more about IBM ApplicationIBM ISS offers among the best security customized plan that meets your organi- Security Assessment, contact yourconsulting services in the industry. Our zation’s security goals. IBM ISS representative to schedule aexpertise, tools and methodology com- consultation. Call 1 800 776-2362, sendbine to deliver: Specialized skills and tools — Our an e-mail to email@example.com or visit: consultants combine proprietary andSecurity expertise — Our team of industry-leading security assessment ibm.com/services/us/isssecurity experts comprises senior tools with in-depth analysis of vulnerabilitysecurity professionals who have data to evaluate and build an effectivehoned their skills through corporate security program that enhances yoursecurity leadership, security consulting, business operations.investigative branches of the govern-ment, law enforcement and research World-class security intelligence — IBMand development. ISS consultants are supported by the X-Force team, our globally recognizedStaff cost savings — We offer the experi- research and development team. Thisence and skills of our Professional combination helps enable us to provideSecurity Services team for less than you with the best security solution forthe typical cost of hiring a single in- your business.house security expert.