Exploiting vulnerabilities in web applications is a favoured method for attackers seeking access to sensitive information.
This is largely a result of the pressure to develop and roll out business applications rapidly, which often leads to little or no security testing, so that vulnerable applications reach the production environment.
An Application Security Assessment is a comprehensive security analysis of a client's business application. If your company or organisation plans to launch a new business application, you are strongly advised to perform an application security assessment, including application penetration testing, before it goes live. This is especially important if the application provides or processes sensitive information, handles financial transactions or runs critical business functions for your organisation.
Depending on the approved scope of the Application Security Assessment, the project includes:
- Application architecture reviews
- Security analysis of the application's source code
- Vulnerability research through reverse engineering and penetration testing
- Stress testing and analysis of application components
- Audit of conformance to specified security standards, the company's policies and security architecture, and the application's initial security requirements
The following classes of application vulnerability are commonly discovered, and subsequently fixed, through more than 70 application security testing scenarios:
- Injection flaws (e.g. SQL, LDAP, OS command, XPath, XQuery, XSLT, XML)
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Improper authentication or session management
- Improper access control
- Missing encryption or improper use of cryptographic algorithms
- Information exposure through an error message
- Open redirects
- Failure to restrict URL access
- Insecure direct object references or path traversal
- Buffer overflows