AffectLog helps.

Automate

AffectLog ML360° is trained on the ASVS requirements and is used to automatically evaluate the security of a web application against those requirements. This helps organizations save time and resources by automating the assessment processes.

Identify

AffectLog ML360° is used to analyze the code and identify potential vulnerabilities or weaknesses. This helps AI-driven organizations identify and address security issues before they become a problem.

Recommend

AffectLog ML360° is used to analyze the security of an application and provide recommendations for improvement based on the ASVS requirements. This could help organizations identify areas where their security profile could be strengthened.

AffectLog ML360° helps continuously monitor the security of an application and alert us to any changes or issues that may arise. This helps us stay on top of our security posture and quickly address any issues that arise.

CISO (Zosher)

Best-in-class risk assessment solution for securing all platforms

AffectLog Web
(AL-W360°)

The AffectLog W360° Platform builds on the latest Application Security Verification Standard (ASVS) to provide a comprehensive set of security requirements that can be used to assess the security of applications. It includes requirements for verifying the security of various components of an application, including:

  • Authentication and session management: This includes requirements for verifying the security of mechanisms used to authenticate users, manage user sessions, and prevent unauthorized access.
  • Access control: This includes requirements for verifying the security of mechanisms used to control access to resources within the web application.
  • Data validation: This includes requirements for verifying the security of mechanisms used to validate user input and prevent injection attacks.
  • Data storage and retention: This includes requirements for verifying the security of mechanisms used to store and manage data within the web application, including requirements for data encryption and secure deletion.
  • Cryptographic functions: This includes requirements for verifying the security of mechanisms used to perform cryptographic operations, such as hashing and encryption.
  • Communication security: This includes requirements for verifying the security of mechanisms used to secure communications between the web application and other systems.
  • Application architecture and design: This includes requirements for verifying the security of the overall architecture and design of the web application, including requirements for secure coding practices.
  • Risk assessment and management: This includes requirements for verifying the security of mechanisms used to assess and manage risks to the web application, including requirements for incident response and vulnerability management.

AffectLog Mobile
(AL-M360°)

AffectLog M360° runs a comprehensive set of security requirement checks to assess the security of mobile applications. It includes requirements for verifying the security of various components of a mobile application, including:

  • Client-side storage and data protection: This includes verifying the security of the mechanisms used to store and protect data on the mobile device, such as the use of encryption and secure deletion.
  • Communication security: This includes verifying the security of the communication channels used by the mobile application, including the use of secure protocols such as HTTPS.
  • Cryptographic controls: This includes verifying the security of the cryptographic functions used by the mobile application, such as hashing, signing, and encryption.
  • Server-side controls: This includes verifying the security of the server-side components of the mobile application, including the use of secure communication channels and the implementation of access controls.
  • Authentication and session management: This includes verifying the security of the authentication process, session tokens, and logout functionality.
  • Network security: This includes verifying the security of the network infrastructure used by the mobile application, including the use of secure protocols and the implementation of firewalls and other security controls.
  • Code-level protection: This includes verifying the security of the code used to build the mobile application, including the use of secure coding practices and the implementation of code signing and other code-level protections.
  • Reverse engineering protection: This includes verifying the security of the mobile application against reverse engineering attacks, such as the use of code obfuscation and other techniques to make it more difficult to reverse engineer the application.

AffectLog ML
(AL-ML360°)

The AffectLog ML360° risk assessment is used to help ensure the security of ML-powered applications by verifying that appropriate safeguards are in place to protect sensitive data, ensure the quality and accuracy of the model, and secure the model against potential attacks. The AffectLog ML360° Platform extends legacy ASVS to include requirement checks that are specifically relevant to machine learning (ML) powered applications, including:

  • Data protection: ML models are typically trained on large datasets, which may include sensitive personal or financial information. The AffectLog ML360° risk assessment includes requirements for the protection of this data, including the use of encryption and secure data deletion.
  • Model training and testing: The AffectLog ML360° risk assessment includes requirements for verifying the security of the processes used to train and test ML models, including the need to ensure that the training data is representative of the real-world data that the model will be used on.
  • Model deployment: The AffectLog ML360° risk assessment includes requirements for verifying the security of the processes used to deploy ML models into production, including the need to ensure that the model is secure against attacks such as poisoning and evasion.
  • Model monitoring and maintenance: The AffectLog ML360° risk assessment includes requirements for verifying the security of the processes used to monitor and maintain ML models, including the need to monitor the model's performance and accuracy over time.

AffectLog API
(AL-API360°)

The AffectLog API360° assessment builds on the latest ASVS to provide a comprehensive set of security requirements that can be used to assess the security of applications. It includes requirements for verifying the security of various components of an application, including:

  • Authentication control: This includes requirements for verifying the security of mechanisms used to authenticate users, manage sessions, and prevent unauthorized access.
  • Access control: This includes requirements for verifying the security of mechanisms used to control access to resources within the API.
  • Data storage and retention: This includes requirements for verifying the security of mechanisms used to store and manage data within the web application, including requirements for data encryption and secure deletion.
  • Cryptographic functions: This includes requirements for verifying the security of mechanisms used to perform cryptographic operations, such as hashing and encryption.
  • Communication security: This includes requirements for verifying the security of mechanisms used to secure communications between the APIs and other systems.
  • API architecture and design: This includes requirements for verifying the security of the overall architecture and design of the API, including requirements for secure coding practices.
  • Risk assessment and management: This includes requirements for verifying the security of mechanisms used to assess and manage risks to the API, including requirements for incident response and vulnerability management.

Audit, explain & visualise

AffectLog extends widely adopted industry standards for risk assessment, such as OWASP, UNESCO Recommendation on Ethics of AI, EU AI Act draft text, and NIST, to build its functionalities.

AffectLog’s audit checklist encompasses the Mobile Security Testing Guide, the Web Application Security Consortium (WASC) Threat Classification, the Privacy Risk Assessment Methodology (PRAM) and the GDPR Data Protection Impact Assessment (DPIA) to assess the relevant security and data privacy risks of mobile and web applications.

The platform aims to provide an auditable, explainable and transparent system to document the assessment checklist and the assessment scores.

Ready for trial?

Full working setup in under 24 hours.