
Application Security Health Check Service

A decade of infrastructure and network hardening has pushed hackers up the technology stack to exploit application security vulnerabilities as the easiest entry to your critical business systems. 

Gartner formulates this as, “perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting”. 

However, the IT industry in general has not matured its application security capabilities. For many vendors and organizations, application security is still a secondary concern until a security or data breach in their systems is detected. Companies can no longer afford this approach, as the EU General Data Protection Regulation imposes substantial fines for leaks of personal data.

NNIT is responding to this challenge by launching an Application Security Health Check Service.


"With the increased focus on security, the evolving threat landscape, and the risk of substantial fines in the event of a data breach, securing business applications has become vital for any company."


Application Security Health Check Service

The purpose of the Application Security Health Check Service is to conduct a comprehensive assessment using a holistic approach in order to assess if the application in question is:

  • Secure by Design

  • Secure by Implementation

  • Secure by Configuration

Secure by Design

Has the application been designed to counter threats against the confidentiality, integrity, and availability of the data it processes?

Secure by Implementation

Has the application been implemented in accordance with secure coding best practices and using only approved third-party components and libraries?

Secure by Configuration

Has the application been configured and deployed according to the principle of least privilege in order to minimize the attack surface that can be exploited by an attacker?

The service is tailored for companies with development teams that are challenged by the increasing security demands imposed by the evolving threat landscape and the EU General Data Protection Regulation.

The output from the service is a health check status that describes the detected security vulnerabilities and the risks that they pose to the application and its data, along with the recommended mitigation strategies.


Key Activities

The following sections describe the key activities in the Application Security Health Check Service. However, the service can be tailored to meet your business needs.

Stakeholder Interview

The first activity in the service is to conduct a stakeholder interview in order to clarify the scope for the health check along with the application’s data classification, security requirements, and key business concerns.

Threat Modeling

Based on the input from the stakeholders, threat modeling is carried out in order to determine if the application design adheres to the security requirements and to uncover any design weaknesses that can be exploited by an attacker.

Developer Dialog

A workshop is conducted using the threat model as a collaborative tool in order to engage the development team in a dialog about potential design weaknesses and improvement opportunities.

Code Inspection

A code review of the critical security controls in the application is conducted along with an evaluation of any third-party components and libraries used in order to assess if secure coding best practices have been adhered to during development.

Penetration Testing

Web interfaces are subjected to a combination of automated and manual penetration testing, as they are a preferred attack vector for cyber criminals.

Risks & Recommendations

The security vulnerabilities uncovered during the threat modeling, code inspection, and penetration testing activities are rated based on the risks that they pose to the security of the application, the data it processes, and the business that relies on it; the findings are consolidated into a final report, along with recommendations about how to mitigate each detected security vulnerability.


Who are we?

The NNIT Application Security Team consists of highly skilled professionals, specialized in designing, implementing, and testing applications with critical security and privacy requirements. It is on that solid foundation in application security that we have condensed the pertinent knowledge of best practices into the Application Security Assessment Service.

Learn more

If you want to learn more about this service, please contact Thomas Lund Erichsen at TMLN@nnit.com.


Contact: Thomas Lund Erichsen, Manager - Application Security, +4530756951, tmln@nnit.com, https://dk.linkedin.com/in/thomas-lund-erichsen-9177062
