Navigation
- Services
- Application Assessment
- Code or Design Review
- Security Awareness
- Threat Analysis
- Products
- Acunetix WVS
- KFSensor Honeypot
- MOBILedit! Forensic
- Passware
- Sawmill Analytics
- Sunbelt Software
-
People
-
Management
- Contact
Latest news
Astyran adds Acunetix WVS to its suite of products(01/12/2008)
Astyran is proud to announce that it is now an official partner and reseller of Acunetix. Stay tuned for an update.
eBanking Fraud and Cyber Security Seminar(06/03/2008)
Mr. Stevens, founder and owner of Astyran, presented his insights in source code reviews at the eBanking Fraud and Cyber Security Seminar of the Monetary Authority of Singapore (MAS).
Owasp/ISSA joint meeting (20/11/2007)
Mr. Frantzen and Herman Stevens delivered a much appreciated and discussed
presentation on Application Security Awareness Training for developers at the
joint meeting of the Belgian ISSA and OWASP chapters. You can download the
presentation here, there (OWASP) and there (ISSA).
Code Review
Overview
Outsourced Development? High Risk Application?
To mitigate potential risks (e.g. typical vulnerabilities, developer planted malware, ...)
a source code audit might be appropriate. Other reviews, without having the source code
available, are generally speaking less complete, since the auditor must try to detect
vulnerabilities by testing blindly, while with source code review the same bug is apparent
in seconds.
Our Approach
Focus the Review
We optimize the audit by focusing on the security critical parts of the application,
since an exhaustive review seldom is cost-effective. Reviewing the business context
of the application, analysing the threats, looking at the results of the risk assessment
and existing development related documents enables the expert to identify primary focus areas where the most critical elements
reside or the aspects that have a high likelihood to be abused or to be attacked.
The advantage is that high risk issues surface early in the review. During the code review
itself we gain a deeper understanding of the weaknesses and strengths of the application
and will review new issues that might surface.
Application Assessment
Tired of looking at incomprehensible technical reports about the security of
your applications without any business relevance? Need a
business driven approach?
Security Awareness
Need a trainer or need help creating your awareness program? We can assist you with all aspects of your awareness initiatives for development teams.
Threat Analysis
The goal of analysing threats is to document all possible threats against an application with the goal of implementing countermeasures at the design level where feasible.
More information here.