Application Security
More than 80% of information security attacks occur at the application level
Is security integral to your development process, or “added in” at the end of development?
Do you need to reduce the costs and complexity of deploying business applications, while reducing risk and complying with regulations?
Business applications are becoming more complex; the required functionality is increasing as users and partners expect to be able to access information and complete online transactions. Commercial applications are being used in unexpected ways as people push them to keep pace with customer requirements. At the same time, pressure is being put on development staff to promote internally developed applications to production as quickly as possible.
How do you secure these applications in the existing threat environment?
Application security is the result of addressing underlying vulnerabilities throughout the Software Development Lifecycle (SDLC): design, development, deployment, maintenance and termination of an application.
Typical applications that are addressed through this service include:
- Automated control systems, including SCADA and industrial control applications
- Databases, including DB2, Microsoft SQL, MySQL, and Oracle
- Enterprise management applications (Baan, PeopleSoft, SAP)
- Messaging applications (Blackberry, Lotus Notes, Microsoft Exchange)
DigitalDefence’s application security service aligns the technical aspects of application security with client business requirements and ensures the delivery of a cost-effective and meaningful solution.
Service Delivery
DigitalDefence’s Application Security service is built around the secure development lifecycle (SDLC) model, and includes:
- Definition of security requirements
- Review of client policies and procedures
- Architecture and Design review with development staff, management, and business owners to clarify business and security objectives, architecture, and design assumptions
- Management and controls review to ensure that the most effective security practices are integrated into the secure development lifecycle process
- Threat modeling, a structured process to identify and document security threats to the application
- Static source code analysis using automated tools and manual inspection
- Penetration testing of the application, the server hosting it, and its interactions with other network and data resources
- Reverse engineering, or "taking apart", applications to understand their functionality (if required)
- Review of current coding practices to maximize the security delivered in the final product
- Application security awareness training and technical training