The Atomic Fission Advantage
As more and more applications are being driven to the web browser, web application security has become an integral prerequisite of online business. Unfortunately, the landscape of application security has become a complex road to navigate. Hundreds of vendors and consultancies offer a dizzying array products and services; many of which are highly specific and address only bits and pieces of the overall need for web application security.
Whenever a business spends dollars on application security testing, there should be an expectation of high return on investment. While many security consultancies consider running an automated software scan against your web site sufficient, Atomic Fission instead leverages years of both network security and software development experience to provide the customer with a more comprehensive view of risk. Automated tools are coupled with human examination of business logic, input/output validation, and data flows to provide an extremely comprehensive view of a given application's security posture.
Providing the customer with only a laundry list of web application problems never sufficient. When testing is complete, Atomic Fission adds further value by providing guidance on resolution as well. Multidimensional reports are tailored for specific audiences in order to provide an optimal understanding of risk. While management and business stakeholders are provided a high-level executive summary of the risks associated with the test findings, developers and other technical staff are presented with a succinct view of problems and resolution details in order to quickly address and mitigate the issues at hand.
Tools and Methodology
Atomic Fission uses a variety of open source and commercial software tools along with custom-built scripts and proprietary utilities to simulate intrusion attempts. Baseline scans as well as follow-up delta analysis iterations can be conducted on any CGI-compliant web platform, including LAMP (Linux, Apache, MySQL, PHP) and Java 2 Enterprise Edition (J2EE) software stacks.
When conducting security tests of any kind, it is imperative that the testers, developers, and IT department are all speaking the same language. As such, Atomic Fission utilizes the industry standard OWASP Application Security Verification Standard (ASVS) as a means for providing test results. The ASVS provides a common means of risk measurement and allows various developers and security analysts to share common metrics and terminology.
Click or call Atomic Fission to schedule a web application security testing consultation. |
|
|
Services 
