One of nVisium's key differentiators is a developer-centric approach to helping clients remediate identified issues. Our Hybrid approach allows nVisium to determine exactly where vulnerabilities occur and precisely how to fix the problems. nVisium's team of software and security engineers will provide specific remediation guidance in the form of refactored code examples and concrete implementation guidance. This produces recommendations that are immediately actionable and aimed at reducing the total engineering overhead associated with remediation efforts.
All of nVisium's assessment methodologies cover flaws outlined in both the OWASP Top 10 and WASC Threat Classification and meet the criteria for PCI DSS 11.3.
As part of our most popular service offering, nVisium will evaluate all aspects of an application and test risk mitigation solutions for a fully comprehensive security assessment. Our Hybrid Assessment approach utilizes a multi-step methodology combining the strongest aspects of both static and dynamic analysis to provide the most extensive and efficient assessment possible. nVisium's Hybrid Assessment, which combines source code review with black box (or dynamic) testing, is what differentiates nVisium and allows for the most comprehensive and effective assessments for our clients. This approach allows for a best-of-both-worlds assessment.
nVisium will review the application in its runtime environment in order to learn how the application works from a purely functional standpoint. This allows nVisium to better understand the application, as well as identify key areas where business logic should be thoroughly reviewed. After determining how the application works, nVisium will perform a review of the source code to discern the structure of the code base.
nVisium integrates with your team's existing development processes to help build a more robust software security program within your organization. Each member of our team has an extensive background in both software engineering and security.
“nVisium’s approach was unique and the team provided actionable findings. They strove to make our application secure and resilient.” Rich Ronston / Director of IT Security at Deltek
“nVisium has a world class application security consulting team that brings unprecedented knowledge, innovation and leadership to help train, advise and assist our development teams.” Jerry Gamblin / Lead Security Analyst at CARFAX
“nVisium performed a hybrid mobile assessment and then took those findings to build a custom security training course for our developers. The training was valuable, engaging and helpful for the developers to understand the importance of building secure software from the ground up. nVisium's training resulted in more secure code across the organization.” Tony Trummer / Director of Security Engineering at Tinder