Security Patterns

Samples of application security vulnerability patterns: "DeepSource Application Security Patterns"

White Paper

Primeon's whitepaper - "Enterprise Applications: Wide Open to Attack in 2018" - tells business execs and IT managers the truth about application risk.

Resource Links

Common Vulnerability Scoring System Version 3.1 Calculator

Open Web Application Security Project (OWASP)

SecurityFocus Bugtraq Database

Registry Whois Search

Microsoft - URLScan Tool

Metasploit Project - for penetration testing, IDS signature development, and exploit research.

National Vulnerability Database

Application "DeepSource" Code Reviews for Security

Application Source Code Security Reviews are the ultimate tool for in-depth analysis of application security vulnerabilities. Primeon engineers review source code in all programming languages to uncover software security flaws at the source. Primeon offers a comprehensive, best-practices Application Code Vulnerability Assessment Service under the brand name "DeepSource".

What is a Primeon DeepSource Code Review?

A DeepSource code review is an independent review of source code that assesses the architectural design, business logic and security posture of a developed application.

This provides a truly independent look at an application's:

  • Code design
  • Use of technology components
  • Security flaws

The end result of a DeepSource review is a comprehensive, easy-to-read, actionable report.

For each security exposure instance, DeepSource Reports provide the following information:

  • Exact exposure location within the code base, including module and actual lines of highlighted code
  • Precise technical description of the exposure
  • Likely operational impact when exposure is exploited
  • Specific remediation guidance to close the exposure

Overview

  • Discover application security vulnerabilities using static source code analysis and dynamic analysis.
  • Deep understanding of application to discover risks posed by even the most knowledgeable insider.
  • For the most comprehensive testing coverage, it is combined with Application Penetration Testing and Threat Modeling.

Key Business Benefits

  • Identify and mitigate risk posed by all attackers, including malicious insiders, to eliminate potential attacks that could affect the "brand" image of your company in the marketplace.
  • Decrease overall cost by identifying a larger number of vulnerabilities.
  • Decrease risk by applying a unique methodology aimed at identifying deeply rooted, major-impact vulnerabilities that go undetected with other approaches.
  • Improve compliance with regulations and control frameworks, such as NIST, Sarbanes-Oxley (SOX), FFIEC, Gramm-Leach-Bliley Act Security Compliance (GLBA), Basel II Compliance, Payment Card Industry Data Security Standard (PCI DSS), COBIT, ISO 27001 (formerly 17799), etc.

Our Approach

Primeon's approach to Application Source Code Security Review involves:

  • Threat Analysis - Incorporate the full threat analysis methodology.
  • Cursory Review of Code - All reviewers gain a high-level understanding of the code in order to be able to understand subsequent steps.
  • Separation of Code - As with Threat Analysis, divide code into sections based on identification of pertinent security areas so that review work can be assigned to different individuals.
  • Maintain Code Notes - Make notes on vulnerabilities and document each specific finding.
  • Detailed Code Analysis - Search through code to identify security vulnerabilities. Identify and separate individual errors from systemic issues. Identify systemic issues separately and present recommendations in a summary report.
  • Review for Language-Specific Issues - Look for known issues specific to the platform being reviewed (e.g. improper use of Java logger, buffer overflow conditions in C++, remote procedure call communication, etc.).

    Copyright © Primeon, Inc. 2022