Application Security

TWM Associates, Inc. (TWM) is a Cybersecurity, IT Audit, FISMA, CMMC Support and Information Assurance (IA) consulting and engineering firm assisting our customers for over 30 years.

In that time, TWM has performed hundreds of application reviews and assessments for a variety of federal and private sector clients. These reviews can be based on the yellow book in support of Office of Inspector Generals (OIGs), based on CobIT (Control Objectives for Information and Related Technologies) in support of General Auditors, or based on a variety of laws, regulations, and best business practices. TWM has performed traditional applications reviews focusing on the inputs, processing, and outputs as well as applications reviews that are focused on breaking web-based applications.

Based on the application security documentation and TWM’s understanding of common exploits and/or control weaknesses, a detailed assessment plan is developed to perform the application review within the context of the contracted activities. The assessment plan also identifies the tools to be used during the context of the testing to satisfy the detailed steps of the assessment plan.

TWM also uses our own host-based assessment tools, developed based on federal policies and guidance and best business practices. To date, these tools have been used to evaluate hundreds of platforms throughout the world.