A Hybrid Application Assessment (HAA) is a source code-assisted assessment of a web or mobile application, API, or thick client. Armed with the source code, our consultants can rapidly discover specific types of application security issues including architecture and logic flaws, inadequate validation, cryptographic issues, and much more.
By having access to the source code, our assessments are much more thorough than an Application Penetration Test (APT) alone. Guided by industry-standard methodologies like the OWASP Code Review Guide and the OWASP Testing Guide, we manually assess your application for not only the OWASP Top 10 vulnerabilities but also source code-relevant critical security controls and vulnerability categories.
In addition, our HAA service can be bundled or combined with any of our other services to add coverage depth or deep analysis where required.
Hybrid Application Assessment highlights:
Bishop Fox’s Hybrid Application Assessment (HAA) combines the real-world attack techniques of application penetration testing with a targeted source code review to more thoroughly identify security vulnerabilities in the application.
Code-level vulnerabilities are insidious because they are so difficult to find, yet can have a devastating impact on your business. In addition to the OWASP Top 10, we examine critical vulnerability categories, including data validation, authentication, session management, authorization, cryptography, and more.
We have your back. With access to the application source code, our consultants can verify and confirm vulnerabilities found through a combination of manual and automated methods. Extending your application testing beyond a static penetration test yields more actionable results.
Combine a Hybrid Application Assessment with an Architecture Security Assessment (ASA) or Threat Modeling service and address the full spectrum of application security issues, including architecture, development processes, and risks across underlying infrastructure.
A one-size-fits-all approach won't work to fully assess your app’s resiliency against advanced attacks. We scope each engagement to meet your business goals with either time-boxed or more comprehensive approaches.
Our high-quality reporting goes above and beyond static risk ratings and generic scoreboards. In addition to being fully customized to your application, your organization, and your desired outcomes, our reports offer actionable security guidance.
When Google needed to ensure that their user data was being handled securely, they partnered with Bishop Fox to design a security assessment program that could validate the security posture of their 1,000+ G Suite partners. The result: the largest and most successful public third-party ecosystem testing program ever.
AVP of Consulting at Bishop Fox
Tom Eston is the AVP of Consulting at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry-standard testing methodologies, and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show, and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.
We'd love to chat about your offensive security needs. We can help you determine the best solutions for your organization and accelerate your journey to defending forward.