Credelius has developed a unique approach to an application security assessment, which is based on our proprietary methodology, public standards, open source security tools and deep knowledge of contemporary technology stacks used for building enterprise-wide applications. Our methodology includes all traditional steps of a security assessment:
- Application architecture review.
- Threat analysis.
- Automated and manual penetration tests.
- Documenting the results, providing the risk score, remediation recommendation and vulnerability classification.
Our risk scoring system is unique and is based on public standards, but it is intuitive as well, can be easily understood by customers and doesn’t require knowledge of the standards. In other words, the categories that are usually considered in known risk score models (e.g. exploitability, damage potential, discoverability) are translated to categories that could be easily understood by business application owners.
The assessment above has been created for the OWASP’s WebGoat application, which is used by many security analysts for educating purposes. It explains the assessment’s methodology, scoring system, threat and vulnerability analysis in details.