To uncover vulnerabilities in an application. Deploying vulnerable applications can cause security issues for an organisation and its clients. By locating and mitigating these vulnerabilities before shipping the product, the negative impact of someone else discovering them can be avoided.
Once the software, documentation and code has been delivered to Danish Cyber Defence, the analysis is performed offsite. A contact point from the client is needed in order to facilitate any issues that might arise during the test.
That an application is tested at least once before deployment. Furthermore, if the application is an evolving code base, we recommend that it be tested biannually or before major code updates are deployed.