Security Patterns

Samples of application security vulnerability patterns - "DeepSource Application Security Patterns"

White Paper

Primeon's new whitepaper - "Enterprise Applications: Wide Open to Attack in 2016" - tells business execs and IT managers the truth about application risk issues in 2016.

Resource Links

Common Vulnerability Scoring System Version 2 Calculator

Open Web Application Security Project (OWASP)

SecurityFocus Bugtraq Database

Registry Whois Search

Microsoft - URLScan Tool

Metasploit Project - for penetration testing, IDS signature development, and exploit research.

National Vulnerability Database Version 2.0

Application "DeepSource" Reviews for Source Code Quality

Primeon offers a comprehensive, best-practices application quality assurance code assessment service under the brand name "DeepSource". A DeepSource code review for quality is an independent, third-party review of source code that assesses the architectural design, business logic, implementation and performance of a developed application.

The methodology applied to this assessment is a top-down analysis approach including four levels:

I. Application Architectural Design Profiling - High-level application analysis to determine a) whether the application design is based on a sound framework and meets a set of good design considerations, and b) whether the application's architecture includes the support needed to ensure the required performance, stability, scalability, maintainability and data integrity.

II. Implementation Assessment - Middle-level analysis to verify that the expected business logic has been properly and efficiently implemented in the application.

III. Coding Inspection - Application review to identify low-level coding issues.

IV. Performance - Application review for performance bottlenecks.

This DeepSource QA code review provides a truly independent look at an application with respect to:

  • Resource Management: Sockets/memory not released, database connections held too long
  • Code Quality: Adherence to coding standards, including best practices and/or client-defined standards
  • Documentation: Comprehensive and well-maintained development documentation
  • Functionality Issues: Transactions not closed, race conditions, etc.
  • Data Integrity: Data unprotected for sharing, data input validation
  • Configuration Management: Incorrect configuration which affects performance and quality
DeepSource Assessment Activities Provided by Primeon

The DeepSource application assessment includes the following activities:

1. Architecture and design analysis, business function analysis - Primeon's assessment team gains an understanding of the application by using application documentation, the run-time environment and source code.
The architecture and design analysis is a useful tool for identifying issues within the application architecture and for prioritizing components for implementation review. The review will identify the key algorithms used and the component/module abstraction. Specifically, Primeon's engineering team will use the DeepSource Issue Modeling Technique, which is composed of the following components:

  • Information collection
  • Application architecture modeling
  • Issue candidate selection
  • Prioritizing the source code review

2. Source code review - Primeon's assessment team reviews source code from the target application code base using the DeepSource Toolkit, which helps perform static analysis of the code. The proprietary DeepSource Toolkit is a collection of programs, scripts, rules, checklists, and filters that Primeon's engineers use to sift through the code to find instances of issues, errors and vulnerabilities. These language analysis tools have been developed and refined over the past fifteen years and have been used to analyze over one billion lines of code in over 80 different programming languages and databases. The tools are kept in a repository available to Primeon's engineering team, so that new techniques and scripts are quickly made available.

    Copyright © Primeon, Inc. 2016