TWM Associates, Inc. (TWM) is an Information Assurance (IA) consulting and engineering firm that has been serving our customers for over 25 years.
In that time, TWM has performed hundreds of application reviews and assessments for a variety of federal and private sector clients. These reviews can be based on the yellow book in support of Office of Inspector Generals (OIGs), based on CobIT in support of General Auditors, or based on a variety of laws, regulations, and best business practices. TWM has performed traditional applications reviews focusing on the inputs, processing, and outputs as well as applications reviews that are focused on breaking web-based applications.
Based on the application security documentation and TWM’s understanding of common exploits and/or control weaknesses, a detailed assessment plan is developed to perform the application review within the context of the contracted activities. This can include input controls to the application; Web-based edits and weaknesses if Web-based; balancing and edit controls if non-Web-based, processing controls, and output controls. The assessment plan also identifies the tools to be used during the context of the testing to satisfy the detailed steps of the assessment plan. TWM also utilizes our own host-based assessment tools which are developed based on federal policies and guidance and best business practices. To date these tools have been used to evaluate hundreds of platforms throughout the world.