OWASP AppSec Research 2013

Acquisitions are a possibility for companies to grew and enlarge their possibilities and portfolio. As part of the acquisition process companies have to perform due diligence (DD) analysis. Architecture and technology assessments are often conducted as a retrospective. During the DD and Acquisitions Processes it is often forgotten that systems, platforms and software solutions creating a complex „ECO-System“ that are key for the most business-processes. Also mobile- and Web applications as well as software services are an integral element in the offered products or services.
The evaluation of Software and Information Security as part of due diligences is relative unexplored and maybe not so much in focus of due diligences in the past.
Such as technology and architecture reviews can be carried out properly and efficiently, will be described by way of a process model. Here, based on the experience of the speaker touched the aspects which technical tools are available for analysis, such as a relatively objective assessment can be achieved and how the results can be communicated to all stakeholders.