APPLICATION VULNERABILITY ASSESSMENT

Service Description

Application Vulnerability Analysis is a CAG process for assessing the overall security of an application. Cyber Advisory Group’s approach to threat modeling involves working with the customer to identify high-value assets and their role, as well as the technologies used and how they are secured. Using this information, we can identify and prioritize the threats that are most likely to impact the target application.

Our Methodology

Documentation and Application Review
We start by collecting configuration and security infrastructure documentation for the web application. This allows us to gain an understanding of the application and how it interacts with external entities. This involves identifying entry points to see where a potential attacker could interact with the application, identifying items that the attacker would be interested in, and identifying trust levels which represent the access rights that the application will grant to external entities.

Identify Threats and Vulnerabilities
Next, we scan your web application infrastructure for vulnerabilities. We combine the scan results and the data gathered in the documentation and application review phase with our Threat Intelligence knowledge to identify threats to your web application infrastructure.

Determine Countermeasures
Finally, we evaluate your protection against threats while accounting for existing vulnerabilities and existing risk mitigations or countermeasures (e.g., compensating controls, defense-in-depth architecture, etc.). Once a risk is assigned to each threat, we sort the threats from highest to lowest risk and provide additional recommendations to help you improve the security posture of your web application.

Our Deliverables

In addition to the usual status updates and meetings, CAG will deliver written drafts of the following material:
  • Snapshot of your web application
  • List of vulnerabilities, threats, and identified countermeasures
  • Risk rating based on each threat identified
  • List of recommendations for improving your web application infrastructure