Merlin leverages a combination of skilled software engineers and cyber-security experts to provide application security solutions that address the application itself as well as the environment within which the application is deployed, accessed and executed. This layered approach moves from code-level analysis and risk mitigation for custom code to black-box testing and remediation activities for COTS solutions, as well as IDS/IPS, Antivirus, firewall settings and host-based security approaches for the end-point on which the application is running and the network components that interact directly or indirectly with the application.
For applications to which our team has access to the code base, tools such as HP Fortify will be used in combination with applied knowledge of code-level security practices to harden applications at their deepest levels. This includes those applications that leverage open-source code, preventing malicious individuals from exploiting known weaknesses deeply rooted in the code base itself. For applications that have proprietary code bases, our engineers deploy use-case driven black-box testing approaches using a number of industry-standard tools that reveal anomalies in application behaviors during intensive execution and analyses of an application’s complex feature sets.