An Application Configuration Review is an assessment of the security risks that are associated with your web applications and client server applications; both those that have external exposure via the internet (such as web shops and customer portals), and those that are part of the internal working of your organisation (such as your finance system or customer relationship management software-CRM).

As part of an Application Configuration Review, Broken Cipher will carry out a security assessment of:

• The design of each component
• Web site communications
• Application layer
• Web services
• Database
• Interfaces

Our experienced and qualified consultants will sample code from sensitive areas such as authentication, database calls, validation, business rules and configurations to ensure the highest security is in place.

A Broken Cipher Application Configuration Review will audit against relevant sections of the information security standard ISO 27001, specifically:

• Communications and operations management
• Access control
• Information systems acquisition
• Development and maintenance
• Business continuity management

Where required Broken Cipher will also review application development policies and procedures, including coding standards and give you advice for avoiding security risks in the future.

The output of a Broken Cipher Application Review is a report with a non-technical overview of the impacts and likelihood of the most serious security issues, coupled