Software & Application Security Services

Catch Security Problems Early in the Lifecycle

Research has shown that fixing security problems early in the development cycle is more efficient and cost-effective than the traditional penetrate-and-patch model. McAfee Foundstone’s software and application security services allow our consultants to identify detrimental software security problems — often before the software is even built.

Software engineering studies show that approximately 80% of security bugs and flaws are introduced during the early stages of software development, often before even a single line of code is written. Using threat modeling, we can typically identify over 75% of the architectural flaws, enabling development teams to avoid implementing insecure software.

Foundstone consultants are expert reviewers and have helped a number of major software, financial services, and other companies develop software security methodologies. We have significant experience reviewing a wide variety of software, including portals, e-commerce sites, financial services and health care applications, and desktop and developer software.

Foundstone’s capability in secure application development originates with our software and application security service (SASS) consultants, who have performed threat models and source code audits on numerous client applications, as well as their own software. Our SASS consultants worked as development practitioners on commercial enterprise software systems and understand the software development process, as well as why and how security bugs and flaws are introduced.

Application Threat Modeling

Identify and fix security problems early in the software development cycle. Avoid implementing insecure software, gain efficiencies, and lower costs with Foundstone's application threat modeling services.

Interactive Voice Response (IVR) Assessment

Find security holes in IVR systems before hackers can compromise your systems.

Mobile Application Assessment

Improve the security of mobile applications. McAfee Foundstone identifies security holes in production mobile applications before hackers can exploit vulnerabilities, quantifies risks, and provides mitigation recommendations.

Software Security Maturity Assurance (SSMA) Assessment

Evaluate, implement, and improve current software security programs and practices — for individual projects, in a single business unit, or across an entire organization.

Source Code Security Assessment

Improve application security. Foundstone assesses source code for design flaws and implementation bugs to find policy and best practice violations that lead to vulnerabilities.

Thick Client/Binary Application Assessment

Discover your applications' vulnerabilities before hackers can exploit the weaknesses.

Web Application Penetration Assessment

Improve the security of your web applications. Foundstone identifies holes in production websites before hackers can exploit vulnerabilities, quantifies the risks to your business, and provides mitigation recommendations.

Web Services Security Assessment

Identify threats, vulnerabilities, and risks in your organization’s web services infrastructure with this comprehensive security assessment.

“We especially appreciate McAfee Foundstone's professionalism and concern for quality, as well as the vendor neutrality it consistently displays.”

Todd Berman, Director of Security and Information Protection, PMI Mortgage Insurance Co.

Next Steps
  • Frequently Asked Questions
  • RFP Template
    Foundstone has developed this Request for Proposal ("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.