The Quick Read Comprehensive application security review Application architecture design review Review of security functional and nonfunctional design requirements System configuration analysis Vulnerability scanning and penetration testing Click Here to download Application Security Assessment (pdf)

Who Needs an Application Security Assessment?

	Companies that leverage Internet application architectures should conduct regular application security assessments as part of your security vulnerability management strategy.
	Companies that provide information, data access or data input or data management via internal or external applications should assess application controls for security vulnerabilities.
	Companies that leverage e-commerce or point of sale application should perform application security assessments to validate the security functionality and embedded security controls.

What is Application Security Assessment?

Application Security Assessment is an in-depth analysis of your end-to-end application architecture. Included is an application architecture design review, design and function, development and maintenance processes, its operational management processes and its technology components to understand the system configuration. Arsenal application security experts will conduct application vulnerability scanning and penetration testing to determine potential exposures that may lead to information leakage or application and system breach.

Components included in application security assessment are:

	Review of application design and component architecture		Review of security functional and nonfunctional design requirements
	Application architecture segmentation and n-tier architecture analysis		System vulnerability configuration analysis
	Internal and/or external application scanning and penetration testing		Detailed findings and recommendation reporting

Application Security Assessment Engagement Process and Deliverables

After an initial call, the Arsenal Security Group Senior Partner will prepare a statement of work within 2 days and we normally can begin an engagement within two weeks. During the engagement we will use interviews, questionnaires, physical tours and technical tools to develop our assessment. We usually use 1-2 consultants in tandem with our Senior Partner to complete an engagement. We will provide an executive summary, a detailed report with all of our findings and recommendations, and a final onsite presentation. Our engagement is not complete until all of our deliverables have been reviewed and accepted by our client.

About Arsenal Security Group
Arsenal Security Group is a security consulting firm that is focused on close client coordination and collaboration. From the initial meeting through the final presentation, one of Arsenal Security Group’s Senior Partners will be the primary contact for all engagement activities. We proactively conduct weekly calls with our client when engaged and meet with clients on a quarterly basis to review and understand their security posture – even when we are not actively engaged on assignment to ensure they are aware of new security risks or regulatory changes they may impact their business.

^^ Top