Product Security Assessment (PSA)
PSA Core Offerings
Our technical assessment is a penetration or intrusion testing that simulates a real attack against your infrastructure or product in a controlled environment in similar manners as an attacker. Leveraging top of the line tooling and most current attack vectors, we perform in-depth intrusion testing including source code review, SAST and DAST analysis to identify vulnerabilities that is guaranteed to lead to intrusions, fraud, service interruptions etc. causing you to lose money and or customers if found and exploited by an attacker.
We perform a design review proposed or already implemented to identify any potential security and compliance risks, providing actionable remediation paths that is most aligned with your nosiness needs guaranteed to save you money in the long run. Our team consisting of product security engineering and architecture expertise work with engineering team every step of the way not only on the active project but also to enhance your overall software development methodology.
Our source code analysis includes any third-party libraries use (open source or proprietarily licensed) for any possible violations or non-compatibility. Our source code analysis service offering is a full service on its own that can be performed as a stand alone or in conjunction with other technical assessments. We will work with you to identify if this is a business need.
The Arise Security PSA methodology combines both manual and automated methods integrated with industry known frameworks that goes beyond scanning to include the Open Web Application Security Project (OWASP), Penetration Testing Executive Standards (PTES), Open Source Security Testing Methodology (OSSTM), Control frameworks: ISO 27001, Control Objectives for Information and Related Technology (COBIT), Architecture models such as The Open Group Architecture Framework (TOGAF).
What you get from our tailored Product Security Assessmsents
24 hrs. status report on active engagements
Your consultant and project manager will be in touch with you to provide status report on testing activities at least once every 24hrs during active testing providing you with peace of mind.
Actionable Insights
We provide you with proof of concepts (POC) highlighting the exploitation patch (s) for every vulnerability. Our team will walk your engineers through this for remediation and as a lesson learned exercise.
On Demand Project Management
You are assigned a project manager that works with your organization throughout the engagement for one-time exercise and on a continuous basis if PSA is part of your overall Cyber RaaS service. Your project manager will ensure seamless and on time communication between our team and yours, making sure that vulnerabilities are remediated in an on-time manner
Historical and Trend Analysis Data
A tailored made dashboard view of historical records showing a holistic view of your security risks, this is combined with output from other risk sources such as the Risks from the Managed Threat Detection and Response, Third Party Supply Chain Risks and Output from the Continuous Vulnerability Management. Your dashboard will include key performance indicators and Objective Key results (OKRs) tailored to your environment and maturity stage
Readable and User Friendly Reports Customizable to different Audiences
Your end report whether at the end of the engagement or monthly for continuous monitoring assessments will come with the following:
- An Executive Summary of vulnerabilities risk ranked
- Technical description of methodology leveraged and any underlying assumption
- Detailed description of each vulnerabilities with Proof of Concept images and step by step guide (our consultant will provide video POC if requested)
- Recommendation with consideration of the resulting cost in capital investment, operation and maintenance, personnel and time
- Additional supporting evidence of all successful exploit for immediate remediation
- A summary outlining next steps to include any immediate or long term planned remediation activities.