Web Application Security Assessment

Service Offerings

The following is a comparison of our web application security assessment options. The basic and advanced levels are one-time assessments, while the comprehensive level provides an ongoing quarterly assessment service.

Web Site / Application Security Assessment Programs

Basic
  • Unauthenticated Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps
Standard
  • Complete Site Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps
Advanced
  • Quarterly Assessments (4)
  • Trend Reporting
  • Complete Site Testing
  • Automated Testing
  • Manual Testing and Verification
  • Executive Summary
  • Management Summary
  • Technical Details
  • Remediation Steps

Introduction

Web sites and applications are the most vulnerable area within any organization's environment. The convenience of access provided to customers, employees, and partners is the same convenience of access provided to potential attackers. Weaknesses within the design, development, and deployment of web sites and applications can be exploited to gain unauthorized access to confidential data from anywhere.

Description

Our web application security assessment service helps organizations identify weaknesses within their applications. Our testing methodology emulates the methods used by an attacker, combining automated and manual testing. Common web application weaknesses include:

  • Improper Client Session Handling
  • Weak Encryption Handling
  • Poor Input Validation
  • Non-existent Output Encoding
  • Broken Workflow and Access Control
  • Insecure Error Handling
  • Information Disclosure
  • Service Vulnerabilities

These weaknesses provide attackers with the opportunity to exploit web sites, applications, users, and data through a wide variety of attacks such as:

  • Injection Attacks (SQL, SSI, LDAP, XPath)
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Parameter Tampering
  • Command Execution
  • Session Hijacking
  • Logical Attacks

Benefits

After receiving our web application assessment service, you will fully understand the attack surface your web application presents and how to reduce that surface to acceptable levels for your business.