Service

Kaspersky Application Security Assessment

Uncover vulnerabilities in applications of any kind

Overview

Whether you develop enterprise applications internally or purchase them from third parties, you’ll know that a single coding error can create a vulnerability – a vulnerability that can expose your business to attacks and result in considerable financial and reputational damage. New vulnerabilities can arise during an application’s lifecycle through software updates or insecure component configuration, as well as through new methods of attack.

Black-box testing

Emulating an external attacker without prior knowledge of the application's internal structures and workings

Grey-box testing

Emulating legitimate users with a range of profiles

White-box testing

Analysis with full access to the application's source code

Application firewall effectiveness assessment

Testing with and without the firewall enabled to verify whether potential exploits are blocked

Case Studies

Explore examples of Kaspersky Lab security solutions at work in the field

Merkeleon

Since 2009, Merkeleon has developed innovative platforms for marketplaces, online auctions and cryptocurrency exchange. With Kaspersky, the company has achieved great synergy between crypto development expertise and in-depth knowledge of cyber threats and security algorithms.

World Chess Federation

In February 2017 FIDE, World Chess and Kaspersky Lab jointly announced a cybersecurity partnership, initially embracing the two-year World Chess Championship cycle in 2017-18.

The Use

  • Kaspersky Application Security Assessment helps to:

    • Prevent financial, operational and reputational loss by proactively detecting and fixing the vulnerabilities used in attacks against applications
    • Save remediation costs by tracking down vulnerabilities in applications still in development and testing before they reach the user environment where fixing them may involve considerable disruption and expense
    • Support a secure software development lifecycle
    • Comply with government, industry and internal corporate standards, such as GDPR or PCI DSS
  • Vulnerabilities which may be identified:

    • Flaws in authentication and authorisation, including multi-factor authentication
    • Code injection (SQL Injection, OS Commanding, etc.)
    • Use of weak cryptography
    • Logical vulnerabilities leading to fraud
    • Client-side vulnerabilities (cross-site scripting, cross-site request forgery, etc.)
    • Insecure data storage or transfer, for instance a lack of PAN masking in payment systems
    • Disclosure of sensitive information
    • Other web application vulnerabilities
  • Results are detailed in a final report and include:

    • Detailed technical information on the assessment processes
    • Vulnerabilities revealed and recommendations for remediation
    • An executive summary outlining management implications
    • Verification of compliance with international standards and best practices
    • Videos and presentations for your technical team or top management can also be provided if required
