One of our core services offered to our clients is Assurance testing. Similar to that of Penetration testing without the pitfalls of penetration testing, assurance services provides a level or "risk" and "maturity" of the application security features. When talking with clients over many years, our team determined that although "penetration testing" was a commonly used service, our clients really just wanted to understand the following.

1. Does my application have vulnerabilities that can be exploited?
2. How hard is it for someone to exploit the vulnerability?
3. What can they get access to? Whats the impact of the vulnerability?
4. How do i compare against my competitor's and industry standards?
5. Is the application secure?

In general, penetration testing can answer most but not all of the above questions. As penetration testing is focused on depth (finding exploits), it's difficult to gauge the overall security of the application. So, Penetration testing is capable of answering the first 3 questions. The most difficult question to answer is (5) Is my application secure?. The only way to determine this, is by having a detailed methodology that ensures complete "coverage" across the application and not just common weaknesses in the system. Typically, Appsecure teams find on average 30% more vulnerabilities than previous tests performed, due to the coverage our Assurance testing has against Penetration testing.

Assurance testing programs have been designed by Appsecure, to answer all of the above questions. In most cases, the time, effort and cost associated with using assurance testing over penetration testing is minimal. When conducting Assurance testing, a detailed methodology is used and a great coverage across the application, design, security controls and environment is reviewed. All the common penetration tests are completed, as you would receive in a Penetration test.

Our test teams and internal database of assessments, provides us with a detailed knowledge of comparing assessments against other industry related applications. This helps us to work with our clients on a basic weigthing system, to provide advice on the "industry norm". This is important for any business, ensuring that not only do they adhere to industry standards, but also are keeping up with their competitors. Our industry baselines are placed into categories and measured in averages, clients data is never released or shared. However, it helps to formulate industry averages that in general allow all our clients to measure on their own projects.

 Although similar to that of the testing approach for Penetration Testing the following key differences exist

• All Penetration testing methodology performed (test cases)
• Analysis of the Hosting environment/infrastructure platform from an application point of view
• Third party intergation and review of interconnecting data streams
• Review of ACL/Access control rules
• Understanding and high-level review of architecture design and database connectivity (where available)
• Review of Business logic security control design
• Maturity baseline against similar applications and business units
• Configuration environment (review where possible of implementation)
• Further in-depth analysis across the application components/feature sets

To understand more about Assurance testing, talk with one of our team members today.

	Client Enquiry Request (complete the form below, and we'll contact you) Name:   Company:   Email:   Contact Number:      We take privacy seriously, read our privacy policy