Accuvant Expands Application Security Offering

February 20, 2005 - Denver, Colorado - Accuvant, an elite provider of information security solutions, announced today the expansion of their application security assessment practice to include application code review services to help clients better secure existing applications and to develop new applications with security in mind.

A key driver behind this expansion was the acquisition of Apex Technologies Inc.'s (Apex) code review methodologies, training courseware, secure development practices, and other intellectual property. Prior to this acquisition, Apex was a leading web application security company focused entirely on assisting clients with developing and maintaining secure custom applications. Founded in 1998, Apex combined knowledge, experience and expertise to provide application security services for a wide range of clients including several Fortune 100 clients.

Integrating the Apex acquisition allows Accuvant's application security team to offer a full lifecycle of application security assistance. Accuvant can train client developers on secure coding practices and developing easily repeatable secure coding methodologies. Once code has been written, Accuvant can provide a third-party line-by-line code review of potential security flaws at granular level. Finally, once applications are ready for testing or already in production, Accuvant can perform a security assessment to identify vulnerabilities and security risks unique to custom web-based applications, from hosting platform, to database set up and security device integration.

"We are responding to heightened demand for web application security services," stated Bill Strub, Vice President of Consulting for Accuvant. "Most organizations have learned to keep up with patching the operating systems and web servers in their DMZ. But as the number, size and complexity of custom web applications has increased, so have the number of unique, harder to detect vulnerabilities like SQL injection and cross site scripting."

Accuvant has expanded its consulting team and its ability to handle code review projects by hiring several seasoned developers, who can assist clients by manually reviewing code for design or programming flaws including authentication, access control, secure state and session management, data privacy, input validation, test, debug, file I/O, error and exception handling, mobile code, butter overflow, and race conditions.

"When an organization deploys a web application, they invite the world to send them HTTP requests. Attacks buried within these requests sail past firewalls, filters, platform hardening and intrusion detection systems without notice because they are inside a legal HTTP request," says Mitch Moon, former CEO of Apex Technologies and a foremost expert on application security. "Ensuring that source code is written securely is a key element in application security."

About Accuvant : Accuvant provides solutions to address enterprise information security challenges. Accuvant security consultants rely on industry expertise and proven methodologies to help clients assess their environment, improve their compliance posture, and secure their infrastructure. Headquartered in Denver, Accuvant has 15 offices across the United States. For more information on Accuvant, please visit