Application Security Testing and Source Code Review
Our Process
Most code reviews for application security testing incorporate a manual source code review process to pinpoint significant code-level issues that might be leveraged by attackers to compromise a system and/or application. In addition to manual review, guided automated tools, including publicly available tools from the U.S. Department of Homeland Security (DHS) Software Assurance Marketplace (SWAMP) platform, are leveraged to perform static and dynamic analysis to detect sensitive code snippets that can potentially be abused. Our SMEs will use program slicing scripts to trace code dependencies and locate the specific locations of any identified. We identify weaknesses as defined in the MITRE Common Weakness Enumeration standard; this includes running a set of publicly available tools.
Location
ESL Global Cybersecurity Institute
Our state-of-the-art Cyber Range and Training Center is located at the ESL Global Cybersecurity Institute on RIT’s campus in Rochester, NY. It is capable of hosting more than 5,000 virtual machines simultaneously in immersive scenarios, enabling Executive Incident Response Training, Threat Intelligence and Emulation Training, and more.
Within this infrastructure, we are able to introduce threat intelligence systems in scale replicas of any massive, global business, with a specific focus on healthcare, energy, and finance. The Cyber Range and Training Center provides alternate reality instructional vignettes for cohorts of corporate leaders and IT security professionals to experiment and learn, facilitating research opportunities in the most critical of industries.