Business applications - the ones your organization relies on every day - can also be one of your most significant vulnerabilities. And network security does little to help. Cybertrust's suite of application testing services allows you to select the level of effort that best fits your organization's needs. We will analyze your applications and supporting infrastructure, and make them secure from the inside out. In addition, we can certify your applications so you can prove to auditors that you are meeting regulations set out in ISO 17799/BS 7799, Sarbanes-Oxley, HIPAA and Visa/MasterCard PCI Data Standards.

Application Security Review
Typically the first plan of action for determining vulnerabilities, this service offers a detailed security analysis of an application, its supporting infrastructure, and its security development lifecycle. It is designed to help establish a solid application security foundation and baseline, and to build and maintain security applications.

What we check:

• Security-relevant people, processes and procedures
• Application infrastructure
• Application source code
• Application functions

Application Vulnerability Assessment
Cybertrust can also provide an in-depth, comprehensive examination of the entire application lifecycle, providing a complete assessment of your web or externally accessible application. The assessment includes input validation, access controls, forceful browsing, cookie manipulation, session management, encryption, password policies, information disclosure, known vendor vulnerabilities and code reviews (if applicable).

Application Certification

Cybertrust offers a certification program for application testing. The testing is performed quarterly over the course of a year. Vulnerabilities discovered in the previous quarter are also re-assessed to ensure the vulnerabilities have been closed. For information on additional information security certification programs we offer, click here.

Application Code Authentication
If you electronically distribute an applet or application, the recipient needs a way to verify the code came from you and was not intercepted and modified in transit by a malicious user. Browsers typically exhibit a warning message explaining the possible dangers of downloading data, but do nothing to actually verify whether the code is valid.

Cybertrust SureCodeSign certificates enable software vendors and individual developers to digitally sign the software they distribute over the Internet – allowing people who use the software to verify the identity of the organization and the person who developed the software.