Our consultants have many years experience of securing web- and native/desktop applications. We conduct penetration tests, code reviews and provide security advisory.

Regardless of what type of application you are developing, application security (AppSec) is fundamental for quality, compliance and cost. The sooner security is integrated in your software developmen lifecycle, the better and more widely accepted it will become.

Apps come in many different flavors, but we are familiar with securing and testing anything from the smallest embedded applications to the most complex, critical systems. In between we find web and mobile applications which is where we, naturally, contribute mostly: we conduct about two web/mobile application penetration tests every month.

Mobile application security is an area in its own.

Secure design and advisory

By addressing AppSec early in the development process, you can improve the overall quality and reliability of your applications. Identifying and mitigating security vulnerabilities in the design phase is typically less costly than addressing them when the product is already released, even more so after a breach has occurred.

We provide experience, insight and objective advisory to help our clients adhere to Best Current Practices for AppSec, system architecture and secure design.

Application penetration testing

You should consider an external application penetration test, where we assess the security of the application by simulating an attack as an external, malicious threat actor, in these cases:

  • when your application is about to be launched, or released after feature changes or bug fixes;
  • after a security incident, to uncover vulnerabilities and finding the root cause of the breach;
  • at least yearly, as new vulnerabilities and attack methods may develop over time;
  • when called upon by compliance, regulation and third-party requirements.

The outcome of an external penetration test provides an improved security posture of your application as well as a learning and improvement opportunity for your management and developers.

Secure your code

We assist our clients in selecting and configuring tools for Static/Dynamic Application Security Testing (SAST/DAST) to be integrated in their way of working, DevSecOps, CI/CD, etc. Finding weaknesses and vulnerabilities with available tools puts you one step ahead against opportunistic attackers and automated attacks which strive to find "low-hanging fruit". It also makes external penetration testing more efficient as time can be allocated to find more complex, business logic related issues.

Our code review services may be part of a penetration test or offered as a stand-alone assignment. We are familiar with and highly experienced in reviewing most programming languages and technology stacks.