One often finds that vendors of so-called application security services merely run applications through a set of black-box audit tools or source-code auditing programs. This approach finds only the most trivial vulnerabilities.
Since each application is different, the only way to ensure thorough testing is to adopt a customized approach towards assessing its security. This process can never be automated. What is required is an in-depth understanding of the business case and functionality of the application. Armed with this, I-SECURE SOLUTIONS technical consultants discover vulnerabilities that actually affect your business. It is also essential that the testers adopt a standardized methodology.
The basic approaches to application security are:
Black-box testing – Testing an application without access to the source code.
Grey-box testing – The approach is similar to black-box testing; however, the attack team is given the same privileges as a ‘normal’ user of the application.
White-box testing – Often called a ‘code-review’ exercise, the application security team is given full access to the source code of the application.