Application Architecture

VSR's architectural security assessments identify both strengths and weaknesses of an application or product based on the design, implemented components, system deployment configuration, and security controls used to eliminate or mitigate threats in the architecture.

During application architecture security and design reviews, the VSR team works with developers and architects to understand the components that make up a given application. Separately, VSR works with business representatives to understand the use cases and business impact associated with the application and with the risks identified during the assessment process. This allows VSR not only to identify technical risks but also to quantify business risk.

Decomposing the application into its constituent elements, such as data sources, data flows, processes, application interfaces, users, roles, use cases, and application components, provides a mechanism for developing an application threat model and identifying potential risks that derive from the application's design and the choice of particular technologies. VSR will provide a comprehensive threat model of potential and observed risks in the application architecture and develop recommendations to eliminate or mitigate those risks.

By identifying risks early in the software development lifecycle (SDLC) and promoting security awareness among key business and technical stakeholders throughout the assessment process, VSR's team of consultants aims to reduce the cost of improving the overall security posture of applications and system architectures.

A typical architectural assessment includes reviews of the following:

VSR provides architectural guidance and recommendations based on industry best practice, industry-specific regulatory requirements, and prudent security policy.


