Cybersecurity

Application Security Health Check Service

A decade of infrastructure and network hardening has pushed hackers up the technology stack to exploit application security vulnerabilities as the easiest entry to your critical business systems.
Gartner formulates this as, “perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting”.

However, the IT industry in general has not matured its application security capabilities. For many vendors and organizations, application security is still a secondary concern until a security or data breach in their systems is detected. Companies can no longer afford this approach, as the EU General Data Protection Regulation imposes substantial fines on data leaks of personal information.
NNIT is responding to this challenge by launching an Application Security Health Check Service.

"With the increased focus on security, the evolving threat landscape, and the risk of substantial fines in the event of a data breach, securing business applications has become vital for any company."


Application Security Health Check Service

The purpose of the Application Security Health Check Service is to conduct a comprehensive assessment using a holistic approach in order to assess if the application in question is:

  • Secure by Design
  • Secure by Implementation
  • Secure by Configuration


Secure by Design

Has the application been designed to counter threats against the confidentiality, integrity, and availability of the data it processes?

Secure by Implementation

Has the application been implemented in accordance with secure coding best practices and using only approved third-party components and libraries?

Secure by Configuration

Has the application been configured and deployed according to the principle of least privilege in order to minimize the attack surface that can be exploited by an attacker?

The service is tailored for companies with development teams that are challenged by the increasing security demands imposed by the evolving threat landscape and the EU General Data Protection Regulation.

The output from the service is a health check status that describes the detected security vulnerabilities and the risks that they pose to the application and its data, along with the recommended mitigation strategies.

Key Activities

The following sections describe the key activities in the Application Security Health Check Service. However, the service can be tailored to meet your business needs.

Stakeholder Interview

The first activity in the service is to conduct a stakeholder interview in order to clarify the scope for the health check along with the application’s data classification, security requirements, and key business concerns.

Threat Modeling

Based on the input from the stakeholders, threat modeling is carried out in order to determine if the application design adheres to the security requirements and to uncover any design weaknesses that can be exploited by an attacker.

Developer Dialog

A workshop is conducted using the threat model as a collaborative tool in order to engage the development team in a dialog about potential design weaknesses and improvement opportunities.

Code Inspection

A code review of the critical security controls in the application is conducted along with an evaluation of any third-party components and libraries used in order to assess if secure coding best practices have been adhered to during development.

Penetration Testing

Web interfaces are subjected to a combination of automated and manual penetration testing, as they are a preferred attack vector for cyber criminals.

Risks & Recommendations

The security vulnerabilities uncovered during the threat modeling, code inspection, and penetration testing activities are rated based on the risks that they pose to the security of the application, the data it processes, and the business that relies on it. The findings are consolidated into a final report, along with recommendations about how to mitigate each detected security vulnerability.


Who are we?

The NNIT Application Security Team consists of highly skilled professionals, specialized in designing, implementing, and testing applications with critical security and privacy requirements. It is on that solid foundation in application security that we have condensed the pertinent knowledge of best practices into the Application Security Assessment Service.




Are you prepared to protect your business-critical IT?

The global efforts to control and contain the COVID-19 pandemic are a blunt and brutal reminder of the necessity of solid Business Continuity Management. The widespread quarantine has suddenly made digital workspaces vital, and cybercriminals are keen to take advantage. Do you have a plan in place to protect or recover the IT systems that are vital to keep your business running?



We're a Managed Security Service Provider helping you manage your ​cyber-security strategy, processes, certifications, controls and compliance measures.​

Based on strong partnerships with solution providers, we can build a ​full-scale Cyber Defense Center. We can establish solid identity and ​access management solutions, assess your threat posture in real-time ​and respond to any threat fast.
