Application-level security vulnerabilities — those that exist within the application itself — are often overlooked and can put your entire organization’s data at risk.
Evaluating web applications against industry standards, such as the latest revision of the Open Web Application Security Project’s (OWASP) testing guide, ensures your organization’s web application is tested against a “best practice” framework. The OWASP guide covers more than 66 active control tests for authentication, authorization, session management, input validation, character encoding, error handling, and buffer overflows, with a particular emphasis on data validation. This helps ensure that your organization’s information is kept secure from tomorrow’s data-theft attacks.
Application security assessment typically includes, but is not limited to, the following:
- Interviews with key application and system administrators: Interviews focus on application architecture, technical implementation, environmental layout, and operational security procedures.
- Application vulnerability penetration testing: Using an industry-leading framework as a reference, web applications are actively tested for a number of vulnerabilities, including, but not limited to, cross-site scripting (XSS), SQL injection, cookie manipulation, session management, authentication, and authorization attacks.
- Evaluation of internal application communications and data storage: This assessment is designed to identify weaknesses in both the transmission and storage of sensitive data.
- Code review: Direct examination of application code to validate secure coding practice and identify undetected vulnerabilities.
To discuss how we can assist you with assessing the security of your applications, call us at (303) 245-4545 or contact us online.
