Simulate real-world attacks to find your weak points before a malicious attacker does.

RatioSec offers two different approaches to assess the security of your applications:

  • A Penetration Test (PT) is a manual, intrusive approach used to identify security weaknesses in applications and infrastructures and provide recommendations for their mitigation.

  • A Vulnerability Assessment (VA) is a semi-automated, non-intrusive approach to produce a prioritized list of security vulnerabilities. Whilst not as in-depth as a manual penetration test, this kind of assessment can discover new vulnerabilities in a timely fashion.

Applications assessed are often web applications or web services, but all types of application can be susceptible to security weaknesses. We will demonstrate their real impact from the attacker’s perspective, preventing any future attack which could lead to unauthorised entry, service disruption, data theft, and financial loss.

RatioSec security specialists developed their own application testing methodology based on industry best practice, including the OWASP Guide, SANS CWE Top 25, and CERT Secure Coding. The Penetration Test services provide assurance that an application is safe, secure, and adherent to security best practices, and that it satisfies the requirement for compliance with regulations such as PCI DSS and FISMA.

Each assessment result is documented in a report that contains the complete list of identified vulnerabilities, classified according to their relevance through a risk-based standard methodology. To assist during the vulnerability fixing process, all detected issues are described in detail with clear recommendations, including the necessary steps to reproduce them, and for each one suggestions and directions for the proper fix are provided.

Here are the security assessment services we provide to your business:

Web Application / Web Service / Web APIs Security Assessment

Web applications are often the most exposed services, and they need constant security assessments to minimize the risk of service disruption and data leaks. Security tests are necessary even when end-users cannot directly operate on the application, as when dealing with APIs and web services.

Mobile Application / Device Security Assessment

Applications running on modern mobile operating systems such as iOS and Android often interact with critical business systems and access highly sensitive data. We test the correct configuration of the underlying operating system and perform static analysis of the application, binary analysis of the application, and network traffic analysis to ensure that information is safely transmitted.

Embedded Devices Security Assessment

Embedded systems are the bricks that the Internet of Things is built with, constantly growing in number and increasingly subject to sophisticated attacks. We will identify vulnerabilities in the firmware and hardware, making you aware of any potential risk before any weakness is exploited by attackers.

Thin / Fat Clients Security Assessments

We also conduct security assessments for any standard desktop applications (thin and fat clients) used by your company. As with any other application type, their security needs to be checked in order to identify security weaknesses and provide recommendations for their mitigation. These assessments provide assurance that an application is safe, secure and in adherence to good security practices.