Application Security Assessment

Overview As organizations migrate and operate critical workloads on AWS, 10Pearls’ app security services offer in-depth analyses and roadmap for comprehensive security design and implementation. Spearheaded by a team of DevOps, network and AWS specialists, we employ Vulnerability Assessment and Penetration Testing to probe the network infrastructure for vulnerabilities, and provide references to manage and control technology risk to business.

10Pearls app security audits are delivered by our dynamic Engineering Team, with deep knowledge and expertise of DevSecOps and AWS services. Our work includes building and executing solutions spanning cloud foundations, DevOps automation, security, and data.

Deliverables

After completing the assessment, 10Pearls DevSecOps engineers formally document the findings. The deliverables generally include two detailed reports:

1. Executive-level report is written for management and includes a high-level overview of assessment activities, scope, most critical/thematic issues discovered, overall risk scoring, organizational security strengths, and relevant screenshots.
2. Technical findings report includes all vulnerabilities listed individually, with details on how to recreate the issue, understand the risk, recommended remediation actions, and helpful reference links. This report includes:

• Scope of the project (and Out of Scope parts)
• Custom tools/scripts used during the testing
• Dates & times of the actual tests on the systems
• All outputs of tests performed
• All identified vulnerabilities with descriptions, PoCs and recommendations on how to “fix” the vulnerabilities
• Reported vulnerabilities marked according to a severity matrix of action points
• Screen Recordings (if any)

Post remediation, a second penetration test is carried out to ensure all identified gaps are closed and that the remediation exercise has not resulted in any new weaknesses.

Initial Steps for Project Kickoff

• Project discussion call with the customer and stakeholders to understand key requirements.
• Our AWS DevSecOps experts study the application and infrastructure to identify and carry out penetration testing on the environment provided by the customer.
• Project closure is achieved when the stakeholder signs off the agreement that the application security activity has been completed.
• Post security analysis: 10Pearls offers 24/7 support via blue team which monitors the infrastructure 24/7/365.

Project Execution and Updates

Communication is key to any project’s success. Our certified DevSecOps engineers and AWS consultants keep the customer updated about the progress on daily and weekly basis. Our engineers perform end-to-end penetration testing of the entire system to ensure all system vulnerabilities are identified and reported before handoff to the customer.