Application Security Consulting

Strong Crypto helps organizations secure their Web applications, Web services, and other software applications. We tailor our consulting engagements to each client’s needs, from the audit of a single application to broad support for initiating or improving a software or application security program.

We provide independent verification that the applications produced by an organization are secure. Our process identifies and ranks the security risks of the application so that an organization can focus its resources on the most serious issues first and manage security spending effectively. This process also produces evidence that demonstrates the compliance of the application with specific security requirements.

Our consulting services support all business functions in software development, from Governance to Deployment. We perform activities such as creating an application security policy, defining security requirements, security testing, and hardening the deployment environment.

Some of our most requested services are the following:

Threat Modeling

Threat modeling is an activity that approaches the design of the software from an adversary’s perspective, which includes identifying the pathways that can be used to conduct an attack. The goal of threat modeling is to enumerate potential threats to an application and map each threat to a corresponding mitigation.

Code Review

Code review is the process of auditing the source code of an application to verify that the proper security controls are present, that they work as intended, and that they have been invoked in all the right places. Our comprehensive approach utilizes automated static analysis to ensure full code coverage and manual review for intensive inspection of security-critical areas of the code.

Security Testing

Security testing measures the effectiveness of the application security controls by highlighting risks posed by actual exploitable vulnerabilities. Security testing should assess the security properties and behaviors of software as it interacts with external entities (human users, environment, other software) and as its own components interact with each other.