By not being aware of the vulnerabilities within its online application, a company faces the risk of being breached and not knowing it. This will not only place the company at risk, but also the entrusted information of business partners and its clients. The outcome of the public relations fallout could be devastating for the business of the company. For this reason Application Vulnerability Assessments are part of security compliance and are usually exercised on a bi-annual basis or at the time of a major application development release.
With extensive experience in technology audits, RSS Inc. offers an Application Vulnerability Assessment (AVA) Service that caters to the needs of clients of all industries and sizes. Our service encompasses both security and privacy risks. Our seasoned professionals have performed vulnerability assessments and penetration testing engagements in various public and private sector organizations.
Prior to commencement of the AVA engagement, RSS Inc., jointly with the client, will establish the following:
Attacker Classification - Serves to identify the category of attacker our team will mimic
Information Disclosure - What level of initial information disclosure between our team and the client's technical team will be exercised
Engagement Controls - Are different test-cycle scenarios
Testing cycles are designed to be executed in three levels:
Without Credentials
With User Credentials
With Administrator Level Credentials
Our team will perform the following variety of application group-based attacks:
Authentication & Session Management
Canonicalization
Configuration Management
Cryptographic
Input Validation
Null Characters
Overflows
Parameter Manipulation
System and User Information
Privacy Assessment
AVA outcomes will be summarized in a final written report along with the findings, recommendations and supporting evidence. The RSS Inc. team will recommend improvements in a pragmatic manner, taking into consideration the current technology investments and code development practices. This will ensure that our clients are familiar with the recommendations and improvements we are suggesting. Our team will ensure that the proposed plan of mitigation activities augments the client's engagement goals and the overall corporate security governance journey.
The RSS Inc. team will work in tandem with the client-assigned team throughout the entire engagement, thus ensuring completeness of the knowledge sharing.
Solution Benefits
By engaging RSS Inc. as a neutral third-party auditor, clients will be provided with unbiased information on identified vulnerabilities within their customized on-line application. Furthermore, it will enable companies to utilize seasoned professionals who have played a technology audit role in various public and private sector organizations. By bringing the external experience to the table, our clients will be in a position to shorten the information security governance maturing phase.
The immediate benefit of an application assessment for an organization is to identify known vulnerabilities within the environment before an adversary can find them. It allows for the chance to identify weaknesses in security controls set in place to prevent and/or detect vulnerabilities.
This provides a proactive approach towards identifying vulnerabilities, misconfigured settings, and/or missing secure software development controls.
By having access to industry-leading security specialists, the client can rest assured that the assessment will be non-intrusive to their operations.
The pragmatic recommendations, stemming from AVA findings, will enable companies to utilize their on-line application securely and to prioritize budgetary funds in the quest to enforce corporate compliance.
Overall, AVA activities will help in corporate risk mitigation by minimizing the potential disruptions of business activities and deliver value by ensuring that the promised benefits match up against the strategy. The RSS Inc. team will provide mid- and long-term plans containing milestones for improving application security controls.