13 October 2017

Application security

ABlogiX specialises in IT security and follows an ISO 27001 approach to analysing the threat model and proposing improvements to information system (IS) security.
This approach aims to take the entire attack surface into account by reviewing all IS assets, from buildings to software applications, via the system and network infrastructure.

At the application security level, ABlogiX provides the following additional services:

  • Code security audit and application security audit
  • Advice and definition of improvement plans
  • Integration of security testing tools into the development environment
  • Training

Our application security services

1. Auditing an application can be done in two complementary ways:

  • The code security audit, which is carried out by analysing the source code and is therefore said to be in static or “white box” mode.
  • The application security audit, which is carried out in a pre-production environment and is said to be in dynamic or “black box” mode (while being carried out in collaboration with the publishing team).

Each audit requires analysis by an application security expert: although tools can be used, false positives must be filtered out to provide you with an accurate and detailed report. This report will include the identified vulnerabilities and the corresponding remediation principles.

2. ABlogiX is there to support and advise you on the entire IS security process. Our skills in software development combined with application security enable us to meet your security needs from the definition of the architecture to the delivery of the software.

3. We integrate security into the heart of the software development cycle for early detection of vulnerabilities. Our mastery of development tools (configuration management, continuous integration and continuous deployment) guarantees the traceability and automation of security tests on each version, making it possible to measure the progress of the security level.

4. Our experts have developed training courses on “application security” that can be tailored to the technological context: web, language, framework, etc.

Contact us for tailor-made services:

  • Audit of physical security risks
  • Audit of infrastructure security risks (systems, servers, networks)
  • Security audit of the code in static mode
  • Audit of application security in dynamic mode (web, mobile, etc.)
  • Secure architecture consulting
  • Secure cloud consulting
  • Secure development environment consulting
  • Consulting in continuous integration and application security testing
  • Training in web and mobile application security