Application Security

Application security is one of our strongest areas. We offer comprehensive security testing of applications throughout their development lifecycle. Our application security experts work with software architects, project managers, database administrators and developers to recommend security controls at every phase of the SDLC. Engaging us at an early stage of the development cycle ensures that security is designed in from the start and that defects are found and fixed while they are still cheap to correct, rather than discovered after release.

Our Methodology

  • OWASP's guidelines and testing guides form the core of our application security testing methodology and give it comprehensive coverage.
  • The STRIDE threat model and the DREAD risk assessment model are used to perform security design reviews.
  • WASC and OSSTMM serve as additional guidance to ensure comprehensive coverage of our testing methodology.
  • OWASP's Software Assurance Maturity Model (OpenSAMM) is used to establish and review an organization's maturity in software security.

Secure SDLC


Security Requirement Review

During the requirements phase of the SDLC, our consultants review the SRS document to understand the business requirements shared by the stakeholders or business units. The software requirements are then reviewed against security best practices to ensure that the application is designed with its security requirements taken into consideration from the outset.

Security Design Review

Security design review, also referred to as threat modeling, is conducted during the design phase of the application. During this phase the application is decomposed into smaller components, and a threat profile is established for each component and its respective workflows. Relevant security controls are then mapped to each identified threat to ensure that the application is secure by design.
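To make the decomposition and threat-profile step concrete (and the STRIDE/DREAD pairing named in the methodology list above), here is an added example of a small STRIDE-per-element enumerator with DREAD ranking of the kind a design review produces. It is an illustration written for this page, not Torrid Networks' tooling or code from the original. The element names, trust-boundary flags, the control family mapped to each STRIDE category and the DREAD ratings are all constructed assumptions; in a real review the ratings come from the reviewers.

```python
# STRIDE-per-element threat enumeration with DREAD ranking.  Added illustration of a
# design-review threat profile, not Torrid Networks' tooling; all sample data is constructed.
from dataclasses import dataclass, field

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# Categories each data-flow-diagram element type attracts (STRIDE-per-element mapping).
APPLICABLE = {"external": "SR", "process": "STRIDE", "datastore": "TRID", "dataflow": "TID"}

# Control family a reviewer maps to each category (assumed, illustrative).
CONTROLS = {
    "S": "strong authentication (mutual TLS, signed session tokens)",
    "T": "integrity protection (MACs or signatures, strict input validation)",
    "R": "tamper-evident audit logging with synchronized clocks",
    "I": "encryption in transit and at rest, least-privilege data access",
    "D": "rate limiting, quotas and bounded resource use",
    "E": "server-side authorization on every request, least-privilege accounts",
}

DREAD_AXES = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")


@dataclass
class Element:
    name: str
    kind: str                       # one of APPLICABLE's keys
    crosses_boundary: bool = False  # sits on a trust boundary (e.g. Internet -> DMZ)


@dataclass
class Threat:
    element: str
    category: str                                # STRIDE letter
    ratings: dict = field(default_factory=dict)  # DREAD axis -> 1..10

    @property
    def dread_score(self) -> float:
        """Mean of the five DREAD axes (10 is worst); refuses partial or out-of-range input."""
        if set(self.ratings) != set(DREAD_AXES):
            raise ValueError(f"incomplete DREAD ratings for {self.element}/{self.category}")
        if any(not 1 <= v <= 10 for v in self.ratings.values()):
            raise ValueError("DREAD ratings must be in 1..10")
        return sum(self.ratings.values()) / len(DREAD_AXES)


def enumerate_threats(elements):
    """One candidate per applicable STRIDE category per element.  Anything on a trust
    boundary is also checked for spoofing and tampering: data crossing a boundary
    cannot be assumed authentic or intact."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind {el.kind!r} for {el.name}")
        cats = set(APPLICABLE[el.kind]) | ({"S", "T"} if el.crosses_boundary else set())
        threats.extend(Threat(el.name, c) for c in "STRIDE" if c in cats)
    return threats


def rate(threats, ratings):
    """Attach reviewer ratings keyed by (element, category).  Returns (rated, unrated):
    unrated candidates are kept so they surface as open review items, not silently dropped."""
    rated, unrated = [], []
    for t in threats:
        r = ratings.get((t.element, t.category))
        if r is None:
            unrated.append(t)
        else:
            t.ratings = dict(r)
            rated.append(t)
    return rated, unrated


def prioritize(rated):
    """Highest DREAD score first; ties broken by name so reports are stable."""
    return sorted(rated, key=lambda t: (-t.dread_score, t.element, t.category))


# Constructed sample: a login flow decomposed into four DFD elements.
DEMO_ELEMENTS = [
    Element("Browser user", "external"),
    Element("Login API", "process", crosses_boundary=True),
    Element("Session DB", "datastore"),
    Element("Login request (HTTPS)", "dataflow", crosses_boundary=True),
]

# Constructed reviewer ratings for some candidates, values in DREAD_AXES order.
DEMO_RATINGS = {
    ("Login API", "S"): dict(zip(DREAD_AXES, (8, 7, 6, 9, 6))),
    ("Login API", "E"): dict(zip(DREAD_AXES, (10, 5, 4, 10, 3))),
    ("Session DB", "I"): dict(zip(DREAD_AXES, (9, 6, 5, 9, 4))),
    ("Login request (HTTPS)", "I"): dict(zip(DREAD_AXES, (7, 3, 3, 8, 5))),
}


def report(elements=DEMO_ELEMENTS, ratings=DEMO_RATINGS):
    """Ranked threat profile as text lines, ending with the count of open items."""
    rated, unrated = rate(enumerate_threats(elements), ratings)
    lines = [f"{t.dread_score:4.1f}  {t.element:<22} {STRIDE[t.category]:<23} -> {CONTROLS[t.category]}"
             for t in prioritize(rated)]
    lines.append(f"{len(unrated)} candidates still unrated (open review items)")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Run as a script it prints the ranked profile for the sample login flow (spoofing of the Login API ranks first) and reports the twelve candidates the reviewers have not yet rated. Two design points matter more than the arithmetic: every element gets a candidate for each applicable category before anyone decides it is out of scope, and unrated candidates are carried forward as open items rather than dropped, so a half-finished review cannot masquerade as a clean one.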

Security Source Code Review

Security code review, or white box testing, is performed at the coding stage to discover security flaws introduced while the code is being written. It combines automated code review engines with manual line-by-line inspection of the source code. Security defects are verified and mitigated before the application reaches the QA stage.

Application Security Testing

Application security testing, also referred to as penetration testing or black/gray box testing, is performed at the QA or UAT stage to discover vulnerabilities in the application's run-time environment. Gray box testing is usually recommended at this stage, as it uncovers security flaws across the application's modules, including the OWASP Top 10 categories.

We Secure

  • Business Websites

  • Web Applications

  • REST/SOAP APIs

  • Thick-Client Applications

  • Mobile Applications

  • Virtual Reality Applications

  • Gaming Applications

  • IoT Applications

  • Software Products

Case Studies

August 24, 2015

SQL Injection All Over – Application Security Assessment for a Nodal Agency

Torrid Networks was recently engaged in a web application security assessment for a top nodal agency processing highly classified information. Along with a few common misconfigurations, some serious security issues were detected in the web application security […]
June 3, 2015

XPATH Injection, Telecom X-Factor – Application Security Case Study

During a recent engagement to audit an application for a large telecom provider, Torrid Networks' expert application security team encountered a few XPath injections in the application. The application was also observed to contain many […]
March 10, 2009

Application Security Assessment For A Global Financial Services Company

The customer, a global financial services company headquartered in New York City, is best known for its credit card, charge card and traveler's cheque businesses. Following an era of international expansion, the company became […]

Our Credentials

  • 11 years of experience
  • 700 brands protected
  • 12K applications secured
  • 2M lines of code reviewed

Learn More

Contact us today to learn more about our application security services