What type of user access does your application offer (internal, external [Internet-facing], both, or neither)?


What are the basic authentication and authorization mechanisms for the external-facing (Internet) portion of your application?


Are there anonymous users?  


Is there a secure channel? What is that channel?



Data Classification

What type of data is contained in your application?  


Does your application contain personal data?


How business-sensitive is the data managed by your application?



What function does your application fulfill? How critical is its role?



What is the authentication mechanism used by the client population?