Application Security

The Application Security Services portfolio consists of tactical and strategic services to help organizations assess, manage and reduce security risks arising from unsafe software development practices. AT&T Consulting offers four categories of application security services. Application Security Assessment offers automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information. Application Security Program Management provides an application inventory, identification and assignment of risk classification, development of testing plans, and management and execution of the program. The third service, Security Code Review, examines all code to identify potential weaknesses and vulnerabilities that could put the application and sensitive data at risk of disclosure or loss. Finally, we offer PCI PA-QSA Application Security Assessment. Visa and MasterCard encourage application development companies to certify payment applications in accordance with the PCI Payment Applications Best Practices program. Applications that meet these standards can be listed on the Visa/MasterCard web sites as PCI approved payment applications.

Application Security Assessments

AT&T Consulting application security assessments identify security vulnerabilities by reviewing and probing an application's security controls. This "black box" security testing examines an application's run-time behavior using a variety of techniques customized for each application type. Tests are performed both from the perspective of a trusted user and as an anonymous user (without valid user credentials). AT&T Consulting incorporates standards and best practices from sources such as the Open Web Application Security Project (OWASP) and the Payment Card Industry's Payment Application Best Practices.

Application Security Program Management

Our Application Security Program Management services start with a review of your objectives and current processes. AT&T Consulting then combines elements from our Application Security practice to help you establish a comprehensive approach to application security. This includes metrics, training and management reporting covering all key aspects of the application development lifecycle.

Security Code Review

The application code review service typically starts off with an application security architecture review. AT&T Consulting analyzes the application's source code from the perspective of a developer looking for design flaws, programming flaws and the use of vulnerable functions or programming constructs. Based on the rise in application security risks, code review has now become a best practice as well as a step of due diligence.
