Ibm app security assessment_ds
Providing comprehensive security assessment of applications and network infrastructure

IBM Application Security Assessment

Highlights
• Identifies application security issues before they can be exploited
• Helps safeguard the integrity and security of sensitive, business-critical data
• Enables secure extension of business applications
• Helps improve productivity by avoiding application downtime and increasing user confidence

Identifying application vulnerabilities to prevent security breaches
Application security is a frequently overlooked component of a security plan. Developers are under pressure to bring custom applications of all kinds (such as Web applications, customer relationship management systems, accounting systems, etc.) online quickly. This often results in insufficient security testing and validation, leaving the applications vulnerable to exploitation by both internal and external attackers.

These applications are designed to be accessible by customers, partners and employees. They frequently house sensitive data that can be accessed across networks, via extranets or by anyone over the Internet. Protecting the confidentiality, integrity and availability of this data is crucial. Recent events demonstrate that there is a flourishing underground marketplace for stolen personal information such as credit card numbers, account numbers and Social Security numbers. Much of this information is harvested from unsecured applications, as attackers are increasingly targeting such applications. Without proper security, applications are perhaps the most high-risk component of any network infrastructure. Due to the sensitivity of the information that applications may house, the security of applications can also impact compliance with government and industry regulations.

Safeguarding custom applications
IBM Application Security Assessment is designed to enable you to balance time-to-market demands with security best practices. The Application Security Assessment provides a targeted code review and a comprehensive vulnerability assessment of the application and the network infrastructure directly supporting the application to determine security weaknesses and misconfigurations. Applications are reviewed from both a technical and nontechnical perspective, revealing security weaknesses and providing detailed recommendations for the remediation of vulnerabilities discovered.

Benefits
• Provides security-rich extension of business applications
• Identifies application security issues before they are exploited
• Increases real-world perspective into hacker techniques and motivations
• Identifies specific risks to the organization and provides detailed recommendations to mitigate them
• Supports user confidence in application security
• Helps prevent application downtime and improve productivity
• Supports efforts to achieve and maintain compliance with government and industry regulations

Features
• Assesses application vulnerabilities that may jeopardize the confidentiality, integrity and availability of critical or sensitive data
• Performs a functional review of the application from both a client and server perspective
• Determines security weaknesses and misconfigurations through comprehensive vulnerability assessment of the application and network infrastructure directly supporting the application
• Conducts technical testing by IBM Internet Security Systems (ISS) security experts who have strong backgrounds in software development with a focus on Web application development
• Provides a targeted, cost-effective code review to identify areas in the code that can be improved for greater security
• Provides a detailed report with recommendations for mitigating discovered risks
• Includes support from the IBM Internet Security Systems X-Force® security intelligence team, a world authority in vulnerability and threat research

Enhancing protection through proven methodology
The IBM Application Security Assessment is based on a proven methodology that includes:
• Information gathering — investigation of application design and programming from the developer’s perspective to determine format for testing
• Technical testing — assessment of the application to uncover security vulnerabilities and weaknesses
• Targeted source code review — targeted, cost-effective review of the application code that will provide solid recommendations for improving the code for greater security
• Deliverables — detailed report on the application’s current security posture and detailed recommendations for remediation of vulnerabilities discovered.

Why IBM Internet Security Systems?
IBM Professional Security Services from IBM ISS offers among the best security consulting services in the industry. Our expertise, tools and methodology combine to deliver:

Security expertise — Our team of security experts comprises senior security professionals who have honed their skills through corporate security leadership, security consulting, investigative branches of the government, law enforcement and research and development.

Staff cost savings — We offer the experience and skills of our Professional Security Services team for less than the typical cost of hiring a single in-house security expert.

Trusted partnership — We work with your key staff and management to design a customized plan that meets your organization’s security goals.

Specialized skills and tools — Our consultants combine proprietary and industry-leading security assessment tools with in-depth analysis of vulnerability data to evaluate and build an effective security program that enhances your business operations.

World-class security intelligence — IBM ISS consultants are supported by the X-Force team, our globally recognized research and development team. This combination helps enable us to provide you with the best security solution for your business.

For more information
To learn more about IBM Application Security Assessment, contact your IBM ISS representative to schedule a consultation. Call 1 800 776-2362, send an e-mail to consulting@iss.net or visit:
ibm.com/services/us/iss