Application Security

Our Design Assessment offers a focused one- to two-week security analysis of your system, intended to be performed during the early system design phase. Our approach is to evaluate and examine your security architecture and design choices to identify potential vulnerabilities and foundational weaknesses, whether in custom development or codebase forking. Thorough assessments of security controls, data flow, and critical design elements preemptively uncover issues to help ensure a robust and resilient system. Our process minimizes the risk of costly redesigns, providing recommendations for improved design and effective test strategies based on the chosen architecture.

• Design goals and proactive risk mitigation

  Our Design Assessment includes detailed guidance so you can achieve your design goals or implementations. Our engineers also identify whether your design is susceptible to common security concerns or known attacks. When a design review is conducted early on, we can help you identify and prevent entire classes of attacks and vulnerabilities before any software is written. Additionally, we recommend impactful ways to revise the system's design to be resilient to threats from the outset.

• Alignment with business strategy

  A Design Assessment helps ensure your architectural design aligns well with your technology strategy and business objectives. This step is crucial to ensure the system serves its purposes efficiently and fits into the long-term vision of your product.

Our data-centric threat models provide a high-level risk assessment that comprehensively identifies a system's specific risks and the actors that could take advantage of them, both within and without. A Trail of Bits threat model pairs our exceptional talent with an effective methodology to help you develop more secure applications and systems.

• Security controls maturity evaluation

  We use a traffic-light protocol to clearly understand the areas in which your security controls are mature, immature, or underdeveloped, as evaluated at the assessment time.

• Components and trust zones

  We partition the system and its external dependencies into logical components according to their functionality. These system elements are further classified into trust zones—logical clusters of shared criticality, between which the system enforces (or should enforce) interstitial controls and access policies.
  At a design level, trust zones are delineated by the security controls that enforce each zone's differing levels of trust. Therefore, it is necessary that data cannot move between trust zones without first satisfying the intended trust requirements of its destination.

• Threat actors and paths

  We work to identify and characterize potential threat actors within the system, encompassing both users and services capable of executing or being manipulated into carrying out an attack. We map the paths these threat actors can traverse between different trust zones in the system. This approach proves valuable when scrutinizing existing controls, remediations, and mitigations within the architecture and pinpointing potential routes for attackers to escalate privileges.

• System diagrams

  We develop detailed diagrams depicting our understanding of the system as a whole, specifying all its components, their connections, and the trust zones in which they reside.

Explore Our Threat Models: Public Report for the Linkerd Project from the Linux Foundation

We evaluate the infrastructure used to deploy and operate cloud-hosted applications and environments. We identify key threats and develop a detailed understanding of your cloud-native environment. In addition to identifying architectural issues in the layout of your cloud-native deployment, our team assesses your environment's configuration for potential issues that impact the security posture of the services in use.

• Automated analysis

  We supplement our manual review using static and dynamic analysis tools such as Terrascan, Kubediff, ScoutSuite and tfsec, quickly catching common security issues, pointing engineers toward weak points in the codebase, and identifying systematic problems that could indicate poor code maturity. On an as-needed basis, we may write custom rules for these tools to better detect issues specific to the target application. At the end of the assessment, we provide you with any custom rules our engineers developed, allowing your team to scan their codebase for the noted issues on an ongoing basis after the audit concludes.

• Infrastructure maturity evaluation

  We partition the system and its external dependencies into logical components according to their functionality. These system elements are further classified into trust zones—logical clusters of shared criticality, between which the system enforces (or should enforce) interstitial controls and access policies.
  At a design level, trust zones are delineated by the security controls that enforce each zone's differing levels of trust. Therefore, it is necessary that data cannot move between trust zones without first satisfying the intended trust requirements of its destination.

• Containers and Orchestration

  We are dedicated to ensuring the robustness and security of containerized environments and their orchestration. We focus on container configurations, potential container breakout vulnerabilities, and the security aspects of CI/CD pipelines. We aim to fortify the entire lifecycle of containerized applications, from build to deployment to help ensure they are secure, efficient, and aligned with best practices for authentication, authorization, secrets storage, networking, and cluster architecture.

Explore Our Cloud/Infrastructure Assessments: Public Report for the Tekton Project from the Linux Foundation

Our Comprehensive Code Assessment adopts a hybrid approach, combining manual assessment, static analysis using tools like CodeQL and Semgrep, and dynamic analysis. This comprehensive method assesses high-risk components across the core project code, infrastructure as code, front end, back end, APIs, SDKs, and more, considering architecture, technology, and business requirements.

• Enhancing code resilience

  Our service evaluates the maturity of your codebase by examining key security controls such as code complexity, testing coverage, and access control models. We assess how well your codebase and development practices are equipped to prevent new vulnerabilities.

• Strategic guidance for long-term security

  Our code assessments go beyond identifying vulnerabilities to improve the overall quality of your code. We provide actionable strategic recommendations beyond immediate fixes, aiming to improve your security posture over the long term. Our advice is based on an understanding that the likelihood of vulnerabilities decreases with the maturity of the software engineering practices. We guide you on designing, implementing, and testing critical security controls; simplifying code; and enhancing documentation and testing protocols.

• Dynamic Testing of Web/API/Mobile Applications

  During Code Assessments, we can also perform invariant development and testing. We develop invariants where their conditions or properties that are assumed to be always true during the execution of a program or within a given context, providing a foundation for building and testing secure software. This comes from understanding your code, your desired outcomes, and with a lense of futre security. We can also train your team on how to use the invariants, as well as develop others. With years of experience in the appsec space, we use a variety of tools and methodologies, such as Semgrep, CodeQL and others to test invariants.

Explore Our Comprehensive Code Assessments: Public Report for cURL