How does web security assessment improve security?

Gold Standard: Fagan Style Inspection helps understand risks and improves security posture for every security audit.

  • Pre-review meeting
  • Formal meeting
  • Written review report
  • Follow-up and possible re-inspection
  • The more formal the review, the higher the payoff

This helps peers understand and justify the risk and how to avoid it. Every audit produces a report and a peer review. Between audits there is a gap in which developers fix the issues identified in the earlier audit. These steps ensure the web application is secured as developers fix vulnerabilities step by step. The fixes are audited one final time to arrive at an agreed risk level.

Web applications developed on any of the solutions below would require a security assessment. Secure the future with our Center of Excellence and withstand a cyber attack driven by 2mmth of skilled hackers.

  • Content Management Solutions
  • ERP Solutions
  • Monetised API Interfaces
  • Cloud Integrations
    • Azure Applications
    • AWS Applications
    • Google Applications
    • Heroku Applications
    • Serverless Applications
  • Dependent Libraries Review
  • Applications built on Web Frameworks
  • Hybrid Web Applications

Standards and Methodologies


Application Security Assessment

Methodology: Different software testing techniques are employed to unearth application security vulnerabilities, weaknesses and concerns related to Authentication, Authorization, Session Management, Input/Output Validation, Processing Errors, Information Leakage, Denial of Service etc. Typical issues which may be discovered in an application security audit include Cross-site scripting, Broken ACLs/Weak passwords, Weak session management, Buffer overflows, Forceful browsing, CGI-BIN manipulation, Form/hidden field manipulation, Command injection, Insecure use of cryptography, Cookie poisoning, SQL injection, Server mis-configurations, Well-known platform vulnerabilities, Errors triggering sensitive information leaks etc. For web applications, the OWASP (Open Web Application Security Project) guidelines are used for the assessment. All assessments are carried out using both state-of-the-art tools and manual testing methods.

Deliverable: A detailed report with discovered vulnerabilities, weaknesses and mis-configurations, with associated risk levels and recommended actions for risk mitigation, will be submitted.


Vulnerability Assessment

Methodology: This is a security audit; privileged access and administrator assistance are required for the configuration audit. It is done directly on the system with physical and logical access. System configuration checking and vulnerability scanning are performed to find weaknesses, vulnerabilities and mis-configurations in the target hosts.

Standards: XCCDF | OVAL | CCE | CPE | CVE | CVSS

Deliverable: A detailed report with discovered vulnerabilities, weaknesses and mis-configurations, with associated risk levels and recommended actions for risk mitigation, will be submitted.


Penetration Testing

Methodology: Penetration Testing (PT) is normally done remotely from the public domain (Internet) and can also be done from the internal network to find vulnerabilities exploitable from inside. No privileged access is required. A series of tests is conducted, such as information gathering from the public domain, port scanning, system fingerprinting, service probing, vulnerability scanning, manual testing, password cracking etc., using state-of-the-art tools (commercial and open source) and the techniques used by hackers, with the objective of unearthing vulnerabilities and weaknesses in the IT infrastructure.

Deliverable: A detailed report with discovered vulnerabilities, weaknesses and mis-configurations, with associated risk levels and recommended actions for risk mitigation, will be submitted. Additionally, a demonstration of penetration (if possible) as a Proof of Concept (only to prove possibility and not to cause real damage) may be given.