The client is a global product company offering productized services on billing, financial product and software services to their end users across the globe…

Offerings

ASOC Premium Package

Happiest Minds’ ASOC Premium package is an all-inclusive, yet cost-effective package comprising advisory, implementation, and managed operation services in each of the following areas across various stages to help you achieve your application goals successfully.

DAST | MAST

  • End-to-end white box and black box web or mobile application and API pentesting
  • Zero false positives
  • Business logic testing

IAST

  • End-to-end white box and black box web or mobile application & API pentesting
  • Zero false positives
  • Business logic testing
  • Static application security testing (SAST) or secure software development lifecycle (SSDLC) remediation

SAST

  • SAST
  • Secure software development lifecycle (SSDLC) consulting
  • Secure coding training

NIST

  • Infrastructure pentesting

ASOC Standard Package 1: (DAST | MAST)

The package ensures end-to-end white box and black box web or mobile application and API pentesting with zero false positives and business logic testing.

DAST: This application security assessment service offering covers web applications, web services and thick client applications, and is delivered in six phases:

Phase 1 – Application profiling

Phase 2 – Automated application security scanning

Phase 3 – Application vulnerability determination

Phase 4 – Application vulnerability exploitation

Phase 5 – Reporting

Phase 6 – Remediation consultation and reassessment

MAST: Mobile native application security vulnerabilities are identified with automated tools and scripts along with manual assessment to eliminate false positives and negatives. The service offering comprises six phases:

Phase 1 – Mobile application profiling

Phase 2 – Automated vulnerability scanning

Phase 3 – Mobile application vulnerability determination

Phase 4 – Mobile application vulnerability exploitation

Phase 5 – Reporting

Phase 6 – Remediation consultation and reassessment

ASOC Standard Package 2: (IAST)

This package involves static application security testing (SAST) or secure software development lifecycle (SSDLC) remediation. It covers end-to-end white box and black box web or mobile application and API pentesting with zero false positives and business logic testing.

IAST is an “agent-like” approach, which means agents and sensors run and continually analyze the application's workings during automated testing, manual testing, or a mix of the two.

The sensors have access to the following and carry out the activity in phases:

Phase 1: The application code base

Phase 2: Data-flow and control-flow

Phase 3: Configuration data

Phase 4: Web layer

Phase 5: APIs

ASOC Standard Package 3: (SAST)

This package covers static application security testing (SAST), secure software development lifecycle (SSDLC) consulting and secure coding training. In the source code review, security vulnerabilities are identified both automatically by scanning tools and through manual assessment. The package is delivered in five phases:

Phase 1 – Sharing of the code base either in Git or secure file transfer protocol (SFTP)

Phase 2 – Project and technology stack briefing

Phase 3 – Initiating code base scanning, manual assessment and sharing the true vulnerability report

Phase 4 – Reanalyzing to validate the mitigated vulnerability

Phase 5 – Mitigating and closing the vulnerability

ASOC Standard Package 4: (NIST)

Infrastructure pentesting is covered in this package. The security assessment of Internet-facing systems or internal network testing helps discover vulnerable network services that can be exploited by unknown threat sources. The assessment is performed in five phases:

Phase 1 – Profiling and discovery

Phase 2 – Infrastructure security assessment

Phase 3 – Infrastructure vulnerability exploitation

Phase 4 – Reporting

Phase 5 – Remediation consultation and reassessment
