Web Application Security Assessment
Service Offerings
The following is a comparison of our web application security assessment options. The basic and advanced levels are one time assessments while the comprehensive provides an ongoing quarterly assessment service.
Introduction
Web sites and applications are the most vulnerable area within any organization's environment. The convenience of access provided to customers, employees, and partners is the same convenience of access provided to potential attackers. Weaknesses within the design, development, and deployment of web sites and applications can be exploited to gain unauthorized access to confidential data from anywhere.
Description
Our web application security assessment service helps organizations identify weaknesses within their applications. Our testing methodology emulates the methods used by an attacker utilizing both automated and manual testing. Common web application weaknesses include:
- Improper Client Session Handling
- Weak Encryption Handling
- Poor Input Validation
- Non-existent Output Encoding
- Broken Workflow and Access Control
- Insecure Error Handling
- Information Disclosure
- Service Vulnerabilities
- Injection Attacks (SQL, SSI, LDAP, XPATH)
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Parameter Tampering
- Command Execution
- Session Hijacking
- Logical Attacks
Benefits
After receiving our web application assessment service you will fully understand the attack surface your web application presents and how to reduce that surface to acceptable levels for your business.
