What Will You Learn?

• Gather preliminary information about the application through manual documentation review
• Gather web-based information through the use of automated tools and techniques
• Review application design and architecture to check that appropriate security requirements are enforced
• Check the source code of an application manually and identify security issues
• Evaluate the vulnerabilities discovered for their relevance, root cause, risk criticality, and corresponding mitigation methods
• Collate application security controls from various internal and external sources
• Gather information related to application patching and its interdependencies with IT infrastructure requirements
• Isolate root causes of vulnerabilities and identify fixes, by including contextual information like architectural composition, exploitation methods and probabilities of exposure
• Categorizevulnerabilitiesandidentifyextentofvulnerabilityincludinglevelof weakness and sensitivity of the information
• Document information and activities at every step to provide an audit trail
• Automate correlation of static, dynamic and interactive application security testing results