Securely Enabling Business




Application Security
Challenges
       Today’s businesses rely on applications for their business to grow,
       and due to fast development, sensitive information is at risk.
       As applications become more web-based and critical, exposure
       increases and security becomes more important.


FishNet Security’s Solution
       FishNet Security provides a customized approach and understanding for each organization. Our consultants recognize
       business drivers and goals, and tailor solutions to meet the specific initiatives of each organization.

       FishNet Security helps clients take a proactive approach to developing secure applications in the most efficient and
       effective manner.

Offerings
       Application Security Assessment:
         ▪ Analysis of an application’s security posture in a runtime environment
            ▪ Identify security vulnerabilities, weaknesses, and other bad practices within the application logic and
              supporting infrastructure

       Secure Code Review:
         ▪ Analysis of an application’s functionality and logic for security issues
            ▪ Identify security vulnerabilities and other improper coding issues within the application that could allow
              security-related attacks
            ▪ Optionally validate potential vulnerabilities in a runtime environment

       Database Security Review:
         ▪ Review of the configuration and security posture of a database instance/server
            ▪ Identify technical vulnerabilities and weaknesses within the database instance and server as well as
              operational security issues related to database administration and use

       Secure Code Training:
         ▪ Application security training for personnel involved in application development, administration, and
           information security
         ▪ Taught by senior consultants that understand and explain the theory and technical details of application
           attacks, remediation and mitigating controls, secure development processes, testing procedures, security
           tools, and relevant technologies.

       Application Threat Modeling:
         ▪ Guided development of an application’s security posture based on qualification of risks, threats,
           vulnerabilities, and weaknesses to the application and the business it supports
         ▪ Workshop facilitated by senior consultants that understand and explain the theory and technical details of
           application attacks, remediation and mitigating controls, secure development processes, testing procedures,
           security tools, and relevant technologies

       Secure SDLC Review:
         ▪ Guided development of an organization’s secure application development environment
         ▪ Implement development practices that enable the development of secure applications that includes both
           proactive controls and reactive validation of those controls

Why FishNet Security?
       FishNet Security is equipped with a dedicated team who understand business and technical needs, as well as a long history of
       building information security programs and architectures for organizations of all sizes and within various industries.

       FishNet can assist organizations in building a new holistic application security program, as well as review various aspects
       of an existing application security program. Our organization has a broad base of experience in assessing applications
       for security flaws, including web-based, client/server, rich media, portal/applet based, and thick/thin applications.
       With the help of FishNet Security, organizations can also identify true vulnerabilities and focus on proper
       remediation of those vulnerabilities instead of specific attacks.

       Our consultants provide a wide array of knowledge and skills in both real-world development and application security,
       which allows secure development of applications and verification that the application remains secure.
                                                                                                                                                                  ID# 09SS0048


Corporate Headquarters 1710 Walnut St. Kansas City, MO 64108 • 888.732.9406                                                       © 2009 FishNet Security. All rights reserved.
Success Stories
       FishNet Security performed in-depth security reviews.
       FishNet Security was contracted by a large retail organization to perform
       in-depth security reviews of three critical applications: a web-based e-commerce
       application, a SOA application with additional web front-end for account
       management, and a fat client (C++) application used by internal personnel
       for system administration. For each application, FishNet Security reviewed
       application and network architectural diagrams, reviewed source code for each
       application, and performed network and application security assessments. In
       conjunction with application threat modeling, FishNet Security provided prioritized,
       actionable recommendations to improve the security posture of each application
       as well as the organization.




       Application security reviews improve organization’s development process.
       FishNet Security performed multiple application security reviews for a financial services company in order to
       improve the organization’s application development process. FishNet Security first reviewed application and
       network architectural diagrams and performed an application security assessment of the organization’s primary
       web application. The results of this phase of the assessment were used to deliver custom secure code training to
       the organization’s developers, development managers, and information security personnel. FishNet Security then
       developed a road map to improve the organization’s secure software development process to ensure applications
       were developed securely with the proper security controls in place before going into production.




       FishNet Security provides annual application security assessments
       for a large healthcare provider.
       For more than three consecutive years, FishNet Security has performed annual application
       security assessments of many (40+) web applications developed by a large healthcare company
       and its subsidiaries. These applications vary
       in functionality, technology, and complexity as well as the targeted user industry. By
       analyzing annual and per-application data, FishNet Security can provide critical application
       security metrics to management in order to help the organization focus on key areas of
       weakness within development groups, subsidiaries, and across the organization.


Contact Information
       FishNet Security is a leading provider of security services, training and technologies with a respected national presence
       and focused local support.

                                         For more information visit www.fishnetsecurity.com or call 888.732.9406




About FishNet Security
We Focus on the Threat so You can Focus on the Opportunity.
Committed to security excellence, FishNet Security is the #1 provider of information security solutions that combine technology,
services, support, and training. FishNet Security solutions have enabled 3,000 clients to better manage risk, meet compliance
requirements, and reduce cost while maximizing security effectiveness and operational efficiency.
For more information on FishNet Security, Inc., visit www.fishnetsecurity.com.

