Bishop Fox Product Security Review Methodology
Overview of Bishop Fox’s methodology for conducting product security reviews.
Learn the Bishop Fox approach to conducting product security reviews.
Bishop Fox’s product security review methodology combines current hardware and software security assessment techniques to assess a product holistically, together with its related infrastructure and systems.
Each product review begins with modeling the practical and theoretical threats against the system, taking into account product-specific factors such as the operating environment, the users, and the sensitivity of the data processed. The assessment team uses this threat model to build an attack plan for the system, prioritizing the areas most likely to interest attackers. The team explores each area using attack techniques drawn from both past assessments and the latest security research. Finally, for each issue discovered, the team performs an impact assessment to determine how the finding affects the organization that owns the product and its customers.
Combined with an application penetration test of client-owned cloud applications and services, a product security review can help ensure the security and privacy of products and data.
This methodology document provides an overview of the following product security review phases:
- Pre-assessment
- Information gathering and automated testing
- Manual product testing and code analysis
- Analysis and reporting