Security Patterns

Samples of application security vulnerability patterns - "DeepSource Application Security Patterns"

White Paper

Primeon's whitepaper - "Enterprise Applications: Wide Open to Attack in 2018" - tells business execs and IT managers the truth about application risk.

Resource Links

Common Vulnerability Scoring System Version 3.1 Calculator

Open Web Application Security Project (OWASP)

SecurityFocus Bugtraq Database

Registry Whois Search

Microsoft - URLScan Tool

Metasploit Project - for penetration testing, IDS signature development, and exploit research.

National Vulnerability Database

Comprehensive DeepSource Application Security Assessment

Combining Attack Tree, Static Analysis, and Dynamic Analysis

A DeepSource application assessment is an independent review of all aspects of an application, including its source code, that evaluates the architectural design, business logic and security posture of a developed application. This provides a true independent look at an application's:

  • Code design;
  • Use of technology components;
  • Security flaws.

DeepSource Activities:

1. Architecture and design analysis, business functional analysis and attack model analysis - The assessment team gains an understanding of the targeted application's connectivity and builds a custom attack tree based on Primeon’s DeepSource application security knowledge base. The attack tree identifies areas of potential vulnerabilities that may be investigated for exploitation. Each branch of the attack tree maps out a systematic attack aimed at compromising a specific aspect of the system. The tree structure allows multiple branches to be investigated simultaneously, greatly reducing the time required to achieve a rigorous assessment. The terminal nodes of an attack tree are the specific tests and exploits to be run against the system.

2. Source code review – The assessment team reviews source code from the application code base using the DeepSource Toolkit, which assists with static analysis of the code. The proprietary DeepSource Toolkit is a collection of programs, scripts, and filters that are used by Primeon’s security assessment engineers to sift through the code to find instances of errors and vulnerabilities. These language analysis tools have been developed and refined over the past eight years and have been used to analyze over 500 million lines of code in over 80 different programming languages and databases. These tools are kept in a repository available to the entire engineering team, so that new techniques and scripts are immediately available. As our static analysis of the source code progresses, the attack tree is extended based on initial and intermediate findings.

3. Dynamic analysis – Primeon web security experts perform tests by employing advanced ethical hacking techniques, informed and optimized by the attack tree generated during the static testing phases and leveraging the vulnerability pattern intelligence in the DeepSource knowledge base. Primeon uses a number of tools to assist in the targeted dynamic testing of the application. One such tool, DeepSource HTTPTunnel, offers many analytical capabilities not available in a typical Web browser. For instance, HTTPTunnel can display and record all messages between a Web browser and a Web server in a structured and organized user interface.

4. Analysis and Reporting – Primeon’s expert security team analyzes the collected information and generates a final detailed report. DeepSource Application Security Vulnerability Reports provide an organization with critical information about operational risk to their business in general, and to their applications in particular. For each exposure instance, DeepSource Reports provide the following information:

  • Exactly where the exposure is in the code base, down to the module and actual line(s) of highlighted code;
  • The precise technical nature of the exposure;
  • The likely operational/ business impact of an exploitation of the exposure;
  • Specific remediation guidance to close the exposure.
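The attack tree used in activities 1 to 3, as an added example that is not Primeon's DeepSource tooling: a small Python model in which internal nodes combine branches with AND/OR, terminal nodes are the tests to run, findings from static or dynamic analysis are fed back into the matching leaf, and tests are scheduled only while their branch can still change the outcome. The tree contents and test names are constructed sample data for a hypothetical records application.

```python
# Added example (not Primeon's tooling): AND/OR attack tree whose leaves are the tests to run.
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Node:
    name: str
    kind: str = "OR"                  # "AND" / "OR" for branches, "TEST" for leaves
    children: List["Node"] = field(default_factory=list)
    result: Optional[bool] = None     # set on TEST leaves only

def evaluate(node: Node) -> Optional[bool]:
    """Three-valued: True = compromise demonstrated, False = blocked, None = not yet determined."""
    if node.kind == "TEST":
        return node.result
    if not node.children:
        return None                   # an empty branch proves nothing
    vals = [evaluate(c) for c in node.children]
    if node.kind == "OR":
        if any(v is True for v in vals):
            return True
        return False if all(v is False for v in vals) else None
    if any(v is False for v in vals): # AND: one blocked step stops the whole attack path
        return False
    return True if all(v is True for v in vals) else None

def pending_tests(node: Node) -> List[str]:
    """Leaves still worth running; branches whose outcome is already decided are skipped."""
    if evaluate(node) is not None:
        return []
    if node.kind == "TEST":
        return [node.name]
    return [t for c in node.children for t in pending_tests(c)]

def record_finding(node: Node, test_name: str, exploitable: bool) -> bool:
    """Feed a static- or dynamic-analysis finding into the matching leaf; True if one matched."""
    if node.kind == "TEST" and node.name == test_name:
        node.result = exploitable
        return True
    return any(record_finding(c, test_name, exploitable) for c in node.children)

def build_sample_tree() -> Node:
    """Constructed sample tree for a hypothetical records application (not a real target)."""
    return Node("Read another user's records", "OR", [
        Node("Bypass authorization", "OR", [
            Node("IDOR on record lookup", "TEST"),
            Node("Missing role check on export", "TEST")]),
        Node("Hijack a logged-in session", "AND", [
            Node("Reflected XSS in search", "TEST"),
            Node("Session cookie without HttpOnly", "TEST")])])
```

Running `pending_tests` after each `record_finding` call reproduces the workflow the activities describe: a blocked step in an AND branch retires the rest of that branch, and a single demonstrated OR branch decides the root goal.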

Copyright © Primeon, Inc. 2022