Application Security with @-yet
Recognise and treat risks at an early stage
@-yet Threat Modeling
Threat modelling is a structured process that identifies potential security threats in systems, applications or processes at an early stage. Possible attack paths are analysed, vulnerabilities assessed and countermeasures developed to ensure security from the outset.
In the first step, @-yet analyses your system or architecture in detail to gain a comprehensive understanding. Possible threats and attack paths are then identified and vulnerabilities pinpointed. @-yet then evaluates these threats according to their probability and potential impact in order to prioritise the most critical risks. Finally, @-yet uses the analysis to develop specific security strategies and measures that effectively protect your systems.
Threat modelling is proactive security. You recognise and eliminate potential risks before they can cause damage. You save time and costs associated with time-consuming remedial work. At the same time, threat modelling increases your team's awareness of security risks and supports you in meeting regulatory requirements.
With the threat modelling solution, @-yet makes security an integral part of your processes. You create a stable foundation for your company. Protect your systems - we will support you!
Recognise vulnerabilities in code more quickly
@-yet Whitebox Penetration Testing
A whitebox penetration test is a methodical process in which the security experts at @-yet analyse the source code of your software products. In addition to checking for configuration errors, they examine the source code primarily for security-relevant aspects. This ensures that security vulnerabilities are detected efficiently and reliably.
The @-yet consultants base their checks on best practices for secure software development. They primarily look at known vulnerabilities, but also identify potential new ones. Factors such as strong authentication, secure transmission and storage of data and secure session management also play a role here.
Another important point in the source code review as part of a whitebox penetration test is the dependencies or libraries. A large number of these additional packages are often used in the development of new software, and often in outdated versions. These represent a security risk as they can contain known vulnerabilities that are actively exploited by cyber criminals.
Our application security specialists also make sure that no sensitive data is contained in the source code of an application. All too often, for example, access data to backend systems is stored in the source code by the developers. What is very convenient on the one hand quickly becomes a security vulnerability on the other.
Security in the development process
DevSecOps Audit
The security aspect is at the centre of software development right from the start. At least that should be the ideal case. The reality is often different. Security is usually at the end of the development cycle. With a DevSecOps audit, @-yet shifts this focus.
@-yet also tests deployment infrastructures in the form of penetration tests. The @-yet security experts simulate an attack using exactly the same attack methods that a real attacker would use. In this context, the term ‘assumed breach tests’ is also used. These tests begin with the assumption that unauthorised persons have already gained access to the system in question. This enables the @-yet teams to identify and eliminate vulnerabilities that could potentially allow attackers unauthorised access to the internal IT infrastructure.
Another aspect is configuration checks of CI/CD pipelines. In the past, software products were updated at certain intervals. Today, this is mainly realised as a continuous and automated process. This process includes not only the development, but also the testing, integration and distribution of the software. @-yet improves the security of the entire process with in-depth testing.
The security experts at @-yet also check existing container solutions and orchestration environments. If security gaps occur here, there is always a risk of attackers breaking out of the container environment. Access to the underlying systems or entire networks is then possible. Regular vulnerability scans and manual checks for possible container breakouts are a tried and tested means of preventing this. Vulnerabilities are thus discovered at an early stage. They can be closed before an attacker can exploit them and compromise parts of the IT infrastructure.
Get advice from our security experts
Non-binding, free of charge, comprehensive. Make an appointment now!
The security and data protection experts at @-yet are available to provide you with a comprehensive initial consultation.
Phone: +49 2175 16 55 0
Email: info@at-yet.de
We look forward to hearing from you!