Web Application Security Assessment

Service Offerings

The following is a comparison of our web application security assessment options. The standard and advanced levels are one-time assessments, while the recurring level provides an ongoing quarterly assessment service.

Web Site / Application Security Assessment Programs

Standard
  • Unauthenticated Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps
Advanced
  • Authenticated Testing
  • Unauthenticated Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps
Recurring
  • Quarterly Assessments (4)
  • Trend Reporting
  • Complete Site Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps

Introduction

Web sites and applications are the most vulnerable area within any organization's environment. The convenience of access provided to customers, employees, and partners is the same convenience of access provided to potential attackers. Weaknesses within the design, development, and deployment of web sites and applications can be exploited to gain unauthorized access to confidential data from anywhere.

Description

Our web application security assessment service helps organizations identify weaknesses within their applications. Our testing methodology combines automated and manual testing to emulate the methods used by an attacker. Common web application weaknesses include:

  • Improper Session Handling
  • Weak Encryption
  • Poor Input Validation
  • Insecure Output Encoding
  • Broken Workflow and Access Control
  • Poor Error Handling
  • Information Disclosure
  • Service Vulnerabilities

These weaknesses provide attackers with the opportunity to exploit web sites, applications, users, and data through a wide variety of attacks such as:

  • Injection Attacks (SQL, SSI, LDAP, XPATH, OS Command)
  • Cross Site Scripting (Stored/Reflected/DOM-Based XSS)
  • Cross Site Request Forgery (CSRF)
  • Parameter Tampering
  • Directory Traversal
  • Session Hijacking
  • Logic Attacks
  • Brute-Force & Dictionary-Based Attacks

Benefits

After receiving our web application assessment service, you will fully understand the vulnerabilities in your web application, including the impact/exploitability of each vulnerability and how to reduce risk to acceptable levels for your business.