The Clear Skies Application Assessment provides for a rapid security assessment of the applications vulnerabilities
either providing initial validations before systems go live, or utilizing re-occurring testing to ensure the application
remains secure. The testing leverages a basic “black-box” methodology to test the overall system for security issues.
This initial examination helps identify common application vulnerabilities and logic errors that would not be the focus of
normal penetration testing techniques. Additional testing will be done on critical source code components to help identify
programming errors that may not be identifiable from external testing.
- Identifies both standard application vulnerabilities as well as
as logic errors that can not be found through automated scanning
- In-depth analysis of application risks above and beyond normal Penetration Testing
- Conducted remotely (via the Internet) if the system is live, or within a lab environment
to allow for a wider range of testing techniques
- Detailed recommendations
to reduce risks
- Business analysis provides
Clear Skies’ methodology
of Application Testing combines extensive technical testing with specialized analysis of findings to present a comprehensive
view of the risks associated with each identified vulnerability. An Application Assessment from Clear Skies incorporates
extensive technical vulnerability testing utilizing multiple user perspectives, manual logic bypass testing, as well targeted
source code review for a comprehensive evaluation of the application’s security controls. Many companies that claim to do Application
Assessments only do automated vulnerability scanning using commercial security scanners with no manual analysis. This manual analysis
of the application’s execution logic is critical to properly assess the overall security of the application. Regardless of how well
the application code is written, if the underlying business logic is flawed, data leakage or access privilege execution may occur.
These are conditions that automated scanners simply cannot be programmed to examine.
The Clear Skies Application Assessment will examine the entire application environment using a combination of
automated scanners, manual exploitation techniques, and targeted source code review as well as technical testing of the systems and devices that support
the application environment. Upon completion of the testing, all identified vulnerabilities are documented with a detailed description
of the issues, as well as recommended corrective actions to help eliminate the risks going forward. Each vulnerability’s risk is evaluated
from business and technical perspectives, and an overall risk rating is provided.
The end goal of the assessment is to not only find the vulnerabilities, but also to provide an analysis of the application’s data that is at risk.
If application or system exploitation is successful, a detailed step-by-step narrative explaining how the exploits actually worked and what data could
be compromised is provided. Screen captures are utilized to illustrate and showcase the entire process so that the issues may be re-created, if necessary.
Skies works hard to fulfill our promises
and commitments in helping our customers
be as strategic as possible in managing
their information security objectives.
Our consultants have years of experience
with security testing throughout multiple
industries, and this knowledge base
is one of the key differentiators for
Clear Skies. At Clear Skies we take
pride in our quality deliverables and
our client satisfaction, and ultimately
we want to ensure our Intelligence Secures