Our Process


When your software team finishes a project, the last thing they want to do is comb through their own code to find errors. This is where we excel. We test every security aspect of your code, drawing on over 10 years of experience and billions of lines of code analyzed. It’s not enough to know the application works; it needs to be free from vulnerabilities to protect your brand and customers.

We start with an initial consultation to understand you and your business. We then run our free QuickCheck code analysis service to identify your risks and help you understand them. Finally, based on your results, our experts will work with you to formulate a plan and determine the depth of analysis needed.

We analyze your code using state-of-the-art methods:


Security threats exist in today’s information technology and software environments. BreachPoint is the most sophisticated process on the market for analyzing application source code for potential security implications that expose opportunities for systems to be compromised and exploited.

Several overlapping threat detection standards are included within this service, including but not limited to the following:

  • Information Assurance Technical Framework (IATF)
  • Common Code Criteria – National Institute of Standards and Technology (NIST)
  • Top 25 Most Dangerous Programming Errors – MITRE Common Weakness Enumeration (CWE)
  • Open Web Application Security Project (OWASP)


NetReady is the process of searching for and identifying categories of errors mapped directly to the governing requirements set by the Defense Information Systems Agency (DISA).

The STIG categorizes all requirements with a Severity Code. Any violation of the requirement is treated as having one of three predefined levels of severity.

  • Category I/CAT I: Vulnerabilities leading to immediate unauthorized access to the application.
  • Category II/CAT II: Vulnerabilities having a high potential of granting unauthorized access to the application.
  • Category III/CAT III: Vulnerabilities indirectly causing the application to have unauthorized access.