Skip to content

Application Security Assessment

Prove the security of your application

SCHEDULE A CONSULTATION

Whether you’re developing a new application or purchasing one to install on your network, you will benefit from an impartial assessment of its security.

Not only do third-party audits carry more weight with customers and regulators, but they also illuminate the blind spots that inevitably arise with internal development and testing.

We will provide an impartial application security audit.

And whether your needs are compliance or risk-focused, we can deliver our assessment in the appropriate format.

Our expert team of security testers comes from multiple backgrounds, including computer science, security research, and yes, DevOps.

We bring a diversity of thinking to every project, giving you access to people and expertise that are rare to find in even the largest corporations.

2-4
SCHEDULE A CONSULTATION
17

Service Highlights

  • Align your audit with a recognized framework such as the OWASP Top Ten

  • Identify Security Flaws in your application

  • Choose from Two Reporting Formats

  • Customize your assessment with up to three Service Enhancements

With our Application Security Assessment, you will:

15-min
SATISFY REGULATORS

 

mountain top with a purple overlay
REASSURE CLIENTS

 

mountain top with a pink overlay
PROTECT YOUR DIGITAL ASSETS

 

SCHEDULE A CONSULTATION

We will translate our findings into terms your development team can easily address

What to expect:

  • 01 KICKOFF CALL
  • 02 ASSESSMENT
  • 03 REPORT

Kickoff Call

We will hold a Kickoff Call with the appropriate stakeholders to verify the desired level of exploitation, determine access requirements, and set timelines.

We will also review our Rules of Engagement document, which defines how we will engage and authorizes us to perform security testing on your systems. You must sign this document before we proceed.

Assessment

We will perform our assessment using manual and automated tests.

Our manual testing begins with a discovery phase: we will map all the application's endpoints and pages. Then, we will identify and attempt to exploit potential attack scenarios. The automated testing runs in parallel with the discovery phase.

We will provide progress updates during our assessment. If we detect a critical vulnerability, you will be informed immediately via the agreed-upon communication method. Otherwise, you will receive an update at the end of each week.

Report

We will provide a draft report for your comment and validation.

Then, we will present the final report: either a Memorandum of Findings or a comprehensive Application Security Assessment Report.

Security-Report-Sample

We offer reporting in two formats:

1. 

MEMORANDUM OF FINDINGS

We provide a list of discovered weaknesses and critical issues in a memo format. This concise report is designed for technical team members who can interpret and act on its findings.

2.

APPLICATION SECURITY ASSESSMENT REPORT

This comprehensive report includes an Executive Summary, a list of technical findings, and prioritized recommendations for remediation.

 

We also offer the following Service Enhancements at an additional cost:

  • Secure SDLC Consulting
  • Source Code Review
  • Threat Modelling

No one wants a vulnerable application on their network

SCHEDULE A CONSULTATION

Mirai Security is a process-focused consulting firm based in Vancouver, Canada. We are a dynamic group of cybersecurity experts with decades of experience building and operating security teams for the Canadian government, various critical infrastructure projects, the Vancouver 2010 Winter Olympics, and more.

In addition, we hold a rare engineering designation in the cybersecurity space, so our clients get novel insights and a proper, engineering-style approach to their enterprise network and data security. 

Cybersecurity is a fluid, complex field, and we’ve spent 30 years figuring it out so you don’t have to.