Service

Kaspersky Application Security Assessment

Uncover vulnerabilities in applications of any kind

Overview

Whether you develop enterprise applications internally or purchase them from third parties, you’ll know that a single coding error can create a vulnerability – a vulnerability that can expose your business to attacks and result in considerable financial and reputational damage. New vulnerabilities can arise during an application’s lifecycle through software updates or insecure component configuration, as well as through new methods of attack.

Black-box testing

Emulating an external attacker without prior knowledge of the application's internal structures and workings

Grey-box testing

Emulating legitimate users with a range of profiles

White-box testing

Analysis with full access to the application's source code

Application firewall effectiveness assessment

Testing with and without the firewall enabled to verify whether potential exploits are blocked

Case Studies

Explore examples of Kaspersky Lab security solutions at work in the field

Merkeleon

Since 2009, Merkeleon has developed innovative platforms for marketplaces, online auctions and cryptocurrency exchange. With Kaspersky, the company has achieved great synergy between crypto development expertise and in-depth knowledge of cyber threats and security algorithms.

World Chess Federation

In February 2017 FIDE, World Chess and Kaspersky Lab jointly announced a cybersecurity partnership, initially embracing the two-year World Chess Championship cycle in 2017-18.

The Use

  • Kaspersky Application Security Assessment helps to:

    • Prevent financial, operational and reputational loss by proactively detecting and fixing the vulnerabilities used in attacks against applications
    • Save remediation costs by tracking down vulnerabilities in applications still in development and testing before they reach the user environment where fixing them may involve considerable disruption and expense
    • Support a secure software development lifecycle
    • Comply with government, industry and internal corporate standards, such as GDPR or PCI DSS
  • Vulnerabilities which may be identified:

    • Flaws in authentication and authorization, including multi-factor authentication
    • Code injection (SQL Injection, OS Commanding, etc.)
    • Use of weak cryptography
    • Logical vulnerabilities leading to fraud
    • Client-side vulnerabilities (cross-site scripting, cross-site request forgery, etc.)
    • Insecure data storage or transfer, for instance, lack of PAN masking in payment systems
    • Disclosure of sensitive information
    • Other web application vulnerabilities
  • Results are detailed in a final report and include:

    • Detailed technical information on the assessment processes
    • Vulnerabilities revealed and recommendations for remediation
    • An executive summary outlining management implications
    • Verification of compliance with international standards and best practices
    • Videos and presentations for your technical team or top management can also be provided if required
