Web-Application Security Assessment

Majority of attacks today occur at the application level. The attacks through applications layer is much easier than through the network layer. Despite common use of defenses such as Application firewalls and intrusion detection and prevention systems, hackers still pose serious liability by using sophisticated mechanisms to remain undetected.

With the emergence of Web 2.0 information sharing through Social Networking and business adoption of Web as a means of doing business and delivering service has significantly increased. These websites with high business value become prime target for these attacks. Hackers either seek to compromise the application, steal data or target end-users accessing the web application.

As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems

  • Identifies application security issues before they are exploited.
  • visibility on real-world perspective into hacker techniques and motivations.
  • Improved visibility of your Web Application Risks.
  • Increase of customer confidence and trust on the business application.
  • Prevents application downtime and improves productivity.
  • Reduces the cost of recovery and fixes due to loss of information.
  • Prevents loss of customer’s confidential information.
  • Helps to achieve and maintain compliance regulations.
  • Overcomes legal hassles due to failure of the application security.
  • Delivers timely and valuable application vulnerability information to assist in developing proactive protection measures.

ISecurion’s Web application Security Assessment methodology is derived from a combination of information security guidelines and recognised testing methodology standards from sources such as OWASP and SANS. Our methodology for security Assessment is based the following approach.

Discovery

We work with the client to understand business impact of various features, so that we can quantify the business risk of the vulnerabilities we find.

Assessment

The assessment of the web application mainly covers the following areas

  • Authentication
  • Authorization
  • User management
  • Session management
  • Data validation, including all common attacks such as SQL injection, cross-site scripting, command injection, and client-side validation
  • Business Logic Testing
  • Error handling and exception management
  • Auditing and logging

Reporting and deliverables

At the end of engagement we provide detailed report with prioritized findings. We also highlight the failing processes that caused these vulnerabilities with appropriate recommendations.