Application Security
Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorised access and modification. We will embed ourselves into your secure software development life cycle and will support your development teams with web, mobile and API assessments.
Features
- Component based testing and black box based testing.
- Testing based on a release candidate or interim test phase.
- Iterative 'time-box' testing aligned with change and release cycle.
- Annual full system testing of the application layer.
- Anonymous and authenticated based application testing.
- Application hosting and infrastructure testing.
- Web, API and mobile OWASP based testing.
- Identify API endpoint URL security vulnerabilities.
- iOS (IPA) and android (APK) testing of prototype/live apps.
Benefits
- Test web apps are suitably protected from unauthenticated users.
- Check standard users can't access admin data services.
- Test applications are suitably protected from malicious authenticated users.
- Confirm correct user management practices in place.
- Test horizontal and vertical privilege escalation is not possible.
- Check that segregation is in place between user/admin accounts.
- Confirm that lateral movement is not possible between networks.
- Test for vulnerabilities with outdated components.
- Test the end user journey based on app features.
- Check website functionality, authentication and validation.
Pricing
£990 a unit a day
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 8 7 3 0 8 0 0 0 1 9 6 5 1 0
Contact
Sapphire
Katie Smith
Telephone: 0845 58 27001
Email: katie.smith@sapphire.net
Planning
- Planning service
- No
Training
- Training service provided
- Yes
- How the training service works
- Vulnerability assessment and remediation end user training. All training can be bespoke and tailored to the clients requirements.
- Training is tied to specific services
- No
Setup and migration
- Setup or migration service available
- No
Quality assurance and performance testing
- Quality assurance and performance testing service
- No
Security testing
- Security services
- Yes
- Security services type
-
- Security strategy
- Security risk management
- Security design
- Cyber security consultancy
- Security testing
- Security incident management
- Security audit services
- Certified security testers
- Yes
- Security testing certifications
-
- CHECK
- CREST
- Cyber Scheme
- Other
- Other security testing certifications
- Cyber Essentials Technical Auditor (CE+)
Ongoing support
- Ongoing support service
- No
Service scope
- Service constraints
- None, as the service will be defined during the project scope.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Monday to Friday 9x5 e-mail helpdesk support support@sapphire.net or 0845 58 27999. Questions are typically answered within 4hrs.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Support levels
-
"
Level 1 - Sapphire Helpdesk The first point of escalation should always be the Sapphire HelpDesk and escalation must be separate from the initial call to log the fault. The Cloud customer must obtain a case reference number for the fault. Level 2 - Sapphire Professional Services Manager This is the second point of escalation in the event of the HelpDesk being uncontactable or an increase in call priority being required. The Cloud customer should quote the case reference number provided. Level 3 - Sapphire Business Services Director This is the third point of escalation in the event of the Manager being uncontactable or a further increase in call priority being required."
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Security Clearance (SC)
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- SGS
- ISO/IEC 27001 accreditation date
- 07/06/2023
- What the ISO/IEC 27001 doesn’t cover
- Na
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- OCSP
- OSCE
- CISSP
- CEH
Social Value
- Social Value
-
Social Value
- Fighting climate change
- Covid-19 recovery
- Equal opportunity
- Wellbeing
Fighting climate change
We make sure that we recycle where we can and take appropriate modes of transport to get to clients. Our offices in Darlington and Glasgow are easily accessible by public transport meaning that many of our colleagues go to an office by these means. For other colleagues, we offer remote working, and colleagues are able to attend an office when they need We are pricing our services to encourage customers to prefer remote access and remote working where possible. One of Sapphire staff is undertaking a part time PHD studying the carbon consequences of cyber crime and it’s mitigation which is inclusive of Sapphire customers and partners.Covid-19 recovery
We have encouraged our staff back to office working especially in the SOC which runs 24*7 shift patterns. We have recently engaged in local communities by hiring space in local charity buildings for company meetings as in house face to face meetings. We have performed pro-bono work with charities to check their security status and help them move onwards from Covid in the face of increased cyber attacks on charities.Equal opportunity
We have an Equal Opportunities policy which everyone in Sapphire adheres to. We are currently at 29% of females in our organisation, a number that has grown over the last few months. Our recruitment processes allow us to interview the best people for the roles we have available, and we insist on 50:50 short-lists for all roles. We value the views of others and see as a strength our openness to challenge. We have recently employed further military reservists giving them the opportunity to be deployed overseas helping HM Government. Recently we have signed documentation to join the NCSC Cyber First scheme to help young people especially women and girls to join the ranks of cyber professionals. We also mentor young people who are keen to move into cyber at some stage in their career.Wellbeing
We take the wellbeing of our colleagues seriously; we offer an Employee Assistance Programme, have health cover, a pension scheme and Life Cover. We also provide opportunities for colleagues to Give Back to local projects/schemes and they can use a day a year to do this.
Pricing
- Price
- £990 a unit a day
- Discount for educational organisations
- No