Skip Ribbon Commands
Skip to main content

Application Security Health Check Service

A decade of infrastructure and network hardening has pushed hackers up the technology stack to exploit application security vulnerabilities as the easiest entry to your critical business systems. 

Gartner formulates this as, “perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting”. 

However, the IT industry in general has not matured its application security capabilities. Application security is for many vendors and organizations still a secondary concern, until a security or data breach in their systems is detected. However, companies can no longer afford this approach, as the EU General Data Protection Regulation imposes substantial fines on data leaks of personal information. 

NNIT is responding to this challenge by launching an Application Security Health Check Service.

"With the increased focus on security, the evolving threat landscape, and the risk of substantial fines in the event of a data breach, securing business applications has become vital for any company."

Application Security Health Check Service

The purpose of the Application Security Health Check Service is to conduct a comprehensive assessment using a holistic approach in order to assess if the application in question is:

  • Secure by Design

  • Secure by Implementation

  • Secure by Configuration

Secure By Design

Has the application been designed to counter threats against the confidentiality, integrity, and availability of the data it processes?

Secure by Implementation

Has the application been implemented in accordance with secure coding best practices and using only approved third-party components and libraries?

Secure by Configuration

Has the application been configured and deployed according to the principle of least privilege in order to minimize the attack surface that can be exploited by an attacker?

The service is tailored for companies with development teams that are challenged by the increasing security demands imposed by the evolving threat landscape and the EU General Data Protection Regulation.

The output from the service is a health check status that describes the detected security vulnerabilities and the risks that they pose to the application and its data, along with the recommended mitigation strategies.

Key Activities

The following sections describe the key activities in the Application Security Health Check Service. However, the service can be tailored to meet your business needs.

Stakeholder Interview

The first activity in the service is to conduct a stakeholder interview in order to clarify the scope for the health check along with the application’s data classification, security requirements, and key business concerns.

Threat Modeling

Based on the input from the stakeholders, threat modeling is carried out in order to determine if the application design adheres to the security requirements and to uncover any design weaknesses that can be exploited by an attacker.

Developer Dialog

A workshop is conducted using the threat model as a collaborative tool in order to engage the development team in a dialog about potential design weaknesses and improvement opportunities.

Code Inspection

A code review of the critical security controls in the application is conducted along with an evaluation of any third-party components and libraries used in order to assess if secure coding best practices have been adhered to during development.

Penetration Testing

Web interfaces are subjected to a combination of automated and manual penetration testing, as they are a preferred attack vector for cyber criminals.

Risks & Recommendations

The security vulnerabilities uncovered during the threat modeling, code inspection, and penetration testing activities are rated based on the risks that they pose to the security of the application, the data it processes, and the business that relies on it; the findings are consolidated into a final report, along with recommendations about how to mitigate each detected security vulnerability.

Who are we?

The NNIT Application Security Team consists of highly skilled professionals, specialized in designing, implementing, and testing applications with critical security and privacy requirements. It is on that solid foundation in application security that we have condensed the pertinent knowledge of best practices into the Application Security Assessment Service.

Learn more

If you want to learn more about this service, please contact Thomas Lund Erichsen at



Thomas Lund Erichsen+4530756951tmln@nnit.comManager - Application Security Lund Erichsen



Digital transformation: Stories from the field transformation: Stories from the field
Bring your digital transformation up to speed - or risk falling behind your digital transformation up to speed - or risk falling behind
Infosecurity 2020 2020
Are you prepared to protect your business-critical IT? you prepared to protect your business-critical IT?
Are you prepared to protect your business-critical IT? you prepared to protect your business-critical IT?
Protect your gold: How to avoid your data ending up in the wrong hands your gold: How to avoid your data ending up in the wrong hands
NNIT Expectation Barometer 2019 - Digital at Scale Expectation Barometer 2019 - Digital at Scale
How scammers attack your company using CEO fraud scammers attack your company using CEO fraud
VR Cybersecurity Training Cybersecurity Training
Cloud Security Security