SecureState assesses application architecture from multiple security perspectives. These include adherence to corporate security policies, authentication and authorization mechanisms, access controls, data flow and data integrity checking, encryption and key management, logging and monitoring. Communication between application tiers is reviewed as well as security dependencies introduced by support services and operating systems. The intent is to identify attack vectors that could be exploited.
SecureState uses key personnel interviews, review of architecture design documents, review of infrastructure configurations and whiteboard sessions to identify application exposures. These are documented along with tactical and strategic recommendations to support remediation efforts. This process can cover internally developed, commercial, open source and outsourced applications.