GDS Source-Driven assessments uncover security vulnerabilities and their development root causes in the source code of mission-critical business applications.

Approach

The GDS methodology combines manual code review techniques, proprietary application security directives (ASDs), and the use of premier proprietary and commercial source code analysis tools in a consistent and repeatable process.

The full-disclosure of source code and design documents allows for the quick identification of common application security vulnerabilities. GDS engineers then focus on identifying the more obscure and high risk vulnerabilities unique to the targeted application and its business logic.

Deliverables

GDS delivers a detailed and comprehensive report at the conclusion of each application security assessment. All GDS reports are highly customizable depending on requested reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.

Optional Services

At the end of each Source-Driven application security assessment, GDS offers the following services:

• Regression testing of all items identified during the assessment
• Vulnerability Remediation Assistance and Project Management
• Custom Secure Application Development Training

Strategic Partners

Fortify Software

If you would like to learn more information about conducting a Source-Driven assessment against an application, please contact us for more details.