
Application security assessment

The pressure to rapidly develop and roll out business applications often leads to poor or no security testing, so vulnerable applications end up running in production. Meanwhile, exploiting vulnerabilities in web-based applications is currently a favourite method among attackers, who frequently target web applications to gain access to sensitive information.

Application security assessment is a comprehensive security analysis of a client's business application. If your organisation plans to launch a new business application, you should perform an application security assessment, including application penetration testing. This is especially important if the application provides or processes sensitive information, handles financial transactions or runs critical business functions for your organisation.

Depending on the approved scope, the application assessment includes an application architecture review, security analysis of the application source code, vulnerability research through reverse engineering and penetration testing, stress testing and analysis of application components. It may also include an audit of conformance to specified security standards, the company's policies and security architecture, as well as to the initial security requirements.

The following application vulnerabilities are often discovered, and subsequently fixed, as a result of our more than 70 application security testing scenarios:

  • Injection flaws (e.g. SQL, LDAP, OS command, XPath, XQuery, XSLT, XML)
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Improper authentication or session management
  • Improper access control
  • Missing encryption or improper use of cryptographic algorithms
  • Information exposure through an error message
  • Open redirects
  • Failure to restrict URL access
  • Insecure direct object references or path traversal
  • Buffer overflows

Copyright © 2004-2013 ITSEC Asia. All rights reserved.