Consulting

Application Security

Secure Your Applications, Before You Deploy Them

Neohapsis provides a three-pronged approach to address application security needs at strategic and tactical levels. First, our program development services provide the expertise needed to integrate security into a software development lifecycle. By analyzing business and development practices, we help our clients establish the processes, policies, and standards that provide a robust framework for building secure software. Second, to support this framework, we offer developer training so your team has the skills it needs to produce secure software effectively. Third, we provide source-based and blackbox application assessment services for a broad range of software - including web applications, commercial off-the-shelf software, and embedded systems. Neohapsis' holistic approach equips our clients with the ultimate confidence in the security of their applications. Our service offerings include:

Security Standards Development & Review
  • Platform-Specific Security Standards
    • Neohapsis works with the client's software engineers to create tailored, secure development standards for a specific platform, such as ASP.NET, J2EE, or other APIs and frameworks.

  • Language-Specific Security Standards
    • Neohapsis works with the client's software engineers to create tailored, secure development standards for a specific programming language, such as C/C++, C#, Java, or PHP.

Secure Development Training
  • Secure Web Development Training
    • A two-day course on identifying and preventing vulnerabilities in web applications; the course includes theory, practice, and a practical application component.

  • Secure Database Development Training
    • A two-day course for DBAs that builds on the secure web development course and provides more detailed coverage of database-related vulnerabilities; this course requires Secure Web Development as a prerequisite.

  • Secure C/C++ Development Training
    • A two-day course on identifying and preventing C/C++ vulnerabilities; the course includes theory, practice, and a practical application component.

  • Security Code Review Training
    • A two-day course on the process and techniques for performing internal code reviews; this course requires the Secure C/C++ or Secure Web Development course as a prerequisite.

Application Assessments
  • Blackbox Assessment
    • Neohapsis reviews a live application to identify the most common security vulnerabilities in a short-duration assessment.

  • Whitebox Assessment
    • Neohapsis reviews application source code to more effectively identify vulnerabilities and provide detailed remediation guidance.

  • Combined (Blackbox & Whitebox) Assessment
    • Neohapsis reviews source code and a live application to identify vulnerabilities in the most thorough and cost-effective manner.

Application Security Architecture
  • Design & Integration Support
    • Neohapsis develops a comprehensive, re-usable security model for client applications to reduce both cost and risk. We provide ongoing security expertise during the development and deployment of applications, frameworks, and distributed application architectures.

  • Architecture Review & Assessment
    • Neohapsis identifies high-level vulnerabilities and develops an implementation review plan by assessing application design and deployment documentation and by conducting personnel interviews.

SDLC Security Program Development

      Neohapsis reviews a client's software development lifecycle (including process documentation and personnel interviews) to identify security deficiencies in the development process and provide guidance for developing more secure software development and quality assurance processes.