Research has proven that detecting security vulnerabilities in earlier phases of the development life cycle results in substantially lower development costs while at the same time producing software with fewer security defects. Skillathon Technologies can help you achieve these goals by performing a security architecture and design review well before your coding is complete. Uncovering security gaps at this stage will allow you to deploy a more robust application with fewer surprises during penetration testing.

The core of our architecture and design review methodology is a process called threat modeling, in which we evaluate your controls against a wide variety of common threats as well as threats that are specific to your application. If we identify missing or inadequate controls, we provide practical remediation advice that is tailored to your application and business.

ARCHITECTURE / DESIGN REVIEW SERVICES


HOW Skillathon Technologies IS DIFFERENT FROM OTHERS

  • Our security professionals receive better training and have significant application development experience, which is important because web services are essentially programmatic interfaces that are best understood by people with a strong software development background.
  • We have experience testing every major type of web service, including SOAP, REST, and custom protocols, and can work with any form of authentication, from OAuth tokens to client certificates to custom digital signatures.
  • Our rigorous web service testing methodology and toolset allow us to efficiently gather the required testing information, learn about your services, and perform a thorough security assessment.

OUR APPROACH


Preparation – The Skillathon Technologies team will verify that it has received the following information from the customer in preparation for the assessment.

  • Design documentation for the application
  • Contact information for application point(s) of contact who can answer Skillathon Technologies’ questions during this assessment. This would typically include the lead developer and/or architect for the application.

Documentation Review – The Skillathon Technologies team will review the application design documentation and become familiar with the overall design and the security controls that are included in the design.

Interviews – The Skillathon Technologies team will interview key personnel from the application team to learn about the application’s design, the security controls that are in place, and how the application is designed to protect against a list of common threats. The personnel will also be asked about any specific threats that are of special concern for this application.

Threat Modeling – The application and supporting infrastructure’s design will be assessed against a list of common threats to determine whether or not sufficient security controls are built into the design. This list of threats will include, but is not limited to:

  • Attacker brute-forces a user’s credentials
  • Attacker gains access to a user’s session ID
  • Attacker accesses the application without valid credentials
  • Malicious user retrieves another user’s data
  • Attacker gains access to the back-end database
  • Attacker crashes the application, denying service to other users
  • Attacker sniffs sensitive information transmitted over the network
  • (Contact us to obtain the full list.)

Report Preparation – The Skillathon Technologies team will take the results of the threat modeling and security design review and compile a consolidated report, detailing all vulnerabilities uncovered during the assessment process along with severity levels and recommendations for how to remediate all vulnerabilities that are identified.

WHAT DO YOU GET?


  1. An actionable, custom-written Architecture / Design Review Report, which describes the application’s security posture and lists all vulnerabilities identified. We also provide a threat model matrix that describes the controls that are in place or missing in relation to each vulnerability, along with custom remediation advice.

  2. Expert consultation throughout the remediation phase

Our Skills

Security Architecture Review
Threat Modeling
Application Design Review
Web Service Testing
Authentication Methods
Documentation Analysis
Security Assessment Methodologies
Communication and Collaboration
Vulnerability Reporting
Consultation and Guidance


Address

Opposite B.R Stadium, Ponnur Road, Above HDFC ATM, Guntur, Andhra Pradesh 522001