Overview

Whether you develop enterprise applications internally or purchase them from third parties, you’ll know that a single coding error can create a vulnerability – a vulnerability that can expose your business to attacks and result in considerable financial and reputational damage. New vulnerabilities can arise during an application’s lifecycle through software updates or insecure component configuration, as well as through new methods of attack.


  • Black-box testing

    Emulating an external attacker without prior knowledge of the application's internal structures and workings

  • Grey-box testing

    Emulating legitimate users with a range of profiles

  • White-box testing

    Analysis with full access to the application's source code

  • Application firewall effectiveness assessment

    Testing with and without the firewall enabled to verify whether potential exploits are blocked

Case Studies

Explore examples of Kaspersky Lab security solutions at work in the field

  • Ferrari S.p.A.

    Ferrari took a strategic decision to choose Kaspersky Lab as their IT Security provider. They wanted to introduce more stringent IT security measures to protect their core business and ensure an increase in safety.

  • World Chess Federation

    In February 2017 FIDE, World Chess and Kaspersky Lab jointly announced a cybersecurity partnership, initially embracing the two-year World Chess Championship cycle in 2017-18.

The Use

  • Kaspersky Application Security Assessment helps to:

    • Prevent financial, operational and reputational loss by proactively detecting and fixing the vulnerabilities used in attacks against applications
    • Save remediation costs by tracking down vulnerabilities in applications still in development and testing, before they reach the user environment, where fixing them may involve considerable disruption and expense
    • Support a secure software development lifecycle
    • Comply with government, industry and internal corporate standards, such as GDPR or PCI DSS
  • Vulnerabilities which may be identified:

    • Flaws in authentication and authorization, including multi-factor authentication
    • Code injection (SQL Injection, OS Commanding, etc.)
    • Use of weak cryptography
    • Logical vulnerabilities leading to fraud
    • Client-side vulnerabilities (cross-site scripting, cross-site request forgery, etc.)
    • Insecure data storage or transfer, for instance a lack of PAN masking in payment systems
    • Disclosure of sensitive information
    • Other web application vulnerabilities
  • Results are detailed in a final report and include:

    • Detailed technical information on the assessment processes
    • Vulnerabilities revealed and recommendations for remediation
    • An executive summary outlining management implications
    • Verification of compliance with international standards and best practices
    • Videos and presentations for your technical team or top management can also be provided if required

Let’s start the conversation. To talk to one of our experts about how True Cybersecurity could inform your corporate security strategy, please get in touch.