Application Architecture Review
Application Architecture Review (AAR) is not simply a penetration test or a vulnerability scan. It focuses on the discovery of exploits and evaluates security design and implementation weaknesses using industry-standard controls. We conduct a focused review of:
Information gathered from personnel.
Specific regulatory and corporate security requirements.
Best practices as appropriate.
Specific technology, system, and process controls.
6 Layer Approach
The security layers that we assess, from external to internal, are: Accreditation Boundary, Perimeter, LAN, Host, Application, OS.
A vulnerability existing at one layer might be mitigated via protections existing within another layer.
The assessment is performed in the areas of confidentiality, integrity, availability and defense in depth.
System Category & System Sensitivity
System Interconnection, System Environment, Applicable Regulation & Policies
Risk Management Controls
Risk Assessment & Management
Review of security controls
System Planning: Initiation, Development, Implementation, Operation / Maintenance, Disposal
Rules of Behavior
Review Operation Controls
Physical / environment controls
Data Integrity / Validation Controls
Security Awareness and Training
Review Technical Controls
Identification and Authentication
Logical Access & Controls