Static Application Security Testing (SAST)

Security Simplified consultants work alongside your development or security team to interpret the large and complex result sets produced by commercial-grade static code analyzers such as HP Fortify and Checkmarx. We perform a technical analysis of each “Kill Chain” (the tool's reported data-flow path from source to sink) to eliminate false positives, and we log the confirmed findings as tickets in your issue tracking system.

We work with your team to support your static code review initiative and ensure each actual vulnerability is tracked and remediated in a timely manner.

Our methodology and test cases are derived from the following standards:

  • Open Web Application Security Project (OWASP)
  • OWASP Code Review Guide
  • Open Source Security Testing Methodology Manual (OSSTMM)

Our Methodology

  • Static code base scanning
  • Review of reports from tools such as Fortify and Checkmarx
  • Identification of vulnerabilities
  • Vulnerability categorization
  • False positive elimination
  • JIRA issue logging and tracking
  • Weekly and monthly reporting
  • Vulnerability review together with the development team
  • Issue tracking and monitoring

Sample List of Checks

  • Authentication & Access Control
  • Session Management
  • Data Validation / Injection & Scripting Attacks
  • Business Logic & Design
  • Error Handling & Logging
  • Backdoors & Hardcoded Secrets
  • Cryptography & Security Misconfiguration

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Issue logging into your internal issue tracking system
  • Reporting and risk rating matrix based on OWASP standards

Want to work with us?

Do you need help finding information or want to know more about what Security Simplified services can do for you?


Copyright @2022 Security Simplified Limited