What & Why?
The importance of Application Security is growing rapidly with the increase of business needs for online transactions. Protecting and securing online applications from hacking attempts is the prime concern to run a successful online business. Organisations need to practice due care in the operation of their internet, intranet and extranet websites, web applications and e-commerce systems to prevent security breaches and to have controls in place to mitigate the effect when breaches occur. Failure to practice such due care is negligence and increases business risk. Failing to protect web applications from malicious attempts can lead to financial loss, legal complications and damage to reputation. Several legal requirements like PCI-DSS, Sarbanes-Oxley, GLBA and HIPAA are enforced on the online business to help protect customer's sensitive data from theft and misuse.
Assessments, reviews and formal audits can be used to provide an understanding of the risk involved, whether security best practice is being followed and whether due care is being taken.
Web Application security health checks can be used to profile areas of weaknesses in information security controls that should then be investigated further. They can be a cost-effective way to prioritise how efforts to protect users, data and reputation should be focused.
intiGrow assessment will take a look at all the aspects of the applications and:
- Verify applications are properly configured to prevent unnecessary data from being revealed
- Validate user authentication processes, password reset mechanisms and session management schemes
- Identify strengths and weaknesses of web applications in terms of overall security
- Prioritize exposures that present greatest risk
- Deliver an actionable report including executive summary and remediation recommendations.
The Web Application Assessment leverages a set of automated and manual tests designed to find weaknesses in the application. Initial steps include identifying application layout and locations where the greatest risks appear to reside. Once the site is mapped, appropriate attacks are initiated to discover vulnerabilities in the application, leveraging SQL vulnerability detection and penetration testing. Findings are compiled and a thorough report delivered, including useful graphs and charts.
Some of the key tests conducted on application are:
- Windows Command Injection
- Unix Command Injection
- SQL Parser
- SQL Disclosure
- Cross-Site Scripting
- Buffer Overflow
- Insecure Configuration
- Invalidated Input
- Denial of Service