To uncover vulnerabilities in an application. Deploying vulnerable applications can cause security issues for an organisation and its clients. By locating and mitigating these vulnerabilities before shipping the product, the negative impact of someone else discovering them can be avoided.

• Software and code delivered – the client provides Danish Cyber Defence with a working copy of the software, documentation and optionally source code.
• Analysis – the application is tested both manually and with automated tools to locate possible vulnerabilities and issues that could compromise the security of the application. If access to source code is included in the scope, portions of the code will be reviewed and used to drive parts of the manual test process.
• Reporting – we present our findings to the relevant stakeholders focusing on how to resolve the uncovered security issues from the application.

Once the software, documentation and code has been delivered to Danish Cyber Defence, the analysis is performed offsite. A contact point from the client is needed in order to facilitate any issues that might arise during the test.

That an application is tested at least once before deployment. Furthermore, if the application is an evolving code base, we recommend that it be tested biannually or before major code updates are deployed.