Collaborative Security Assessments

Unlike a traditional penetration test, a Collaborative Security Assessment (CSA) involves Carve consultants and your software architects and engineers working together to evaluate and improve the security of your systems and applications.

The benefits of a CSA to you, the customer, are:

  • Carve Systems methods combined with your teams' knowledge of the system generate higher quality findings in a shorter period of time
  • Your architects and engineers get “on the job” software security training
  • Engagement deliverables satisfy compliance requirements that call for penetration testing
  • Automated security tests designed for your application that can be incorporated into your CI/CD pipeline using Carve’s Restrike testing platform
  • The engagement concludes with training based on your applications and your threats, tailored for your people

The key activities of a CSA are:

  • Security Architecture Review: a review of your proposed or existing application architecture and infrastructure (AWS, GCP, Azure, on-prem, hybrid, etc.), data flows throughout the environment, existing security controls, and known security assumptions
  • Threat Modeling: enumeration of threats to your business assets, analysis of existing controls and of gaps in control coverage, and recommendations for remediation
  • Threat-Driven Security Assessment: manual code review and human-driven penetration testing designed to evaluate your susceptibility to the threats prioritized during your Threat Modeling exercise
  • Security Engineering Remediation Support: Carve works with your architects and engineers to ensure identified vulnerabilities are controlled, remediated, or properly prioritized in the backlog for remediation
  • Tailored Security Training: based on the results of the previous activities, Carve security experts deliver training to your product managers, software architects, and software engineers that is tailored to your applications, infrastructure, and security concerns