Don’t forget about your applications. According to the latest research, 75% of the targeted attacks in 2008 were against web-based applications, and certain evidence suggests that 90% or more of the newly discovered vulnerabilities are application specific.
INFOSECPRO’s proprietary application testing methodology takes the view of a malicious hacker. Our Web-Application Security Assessment offers comprehensive examination and testing of web applications. INFOSECPRO attempts to breach the customer’s application via secure channels, insecure channels, or both, simulating “unauthorized access” to critical and confidential data and system resources, and also initiating functionality perversion.
Specifically, INFOSECPRO will:
- Identify obvious and obscure system entry points.
- Attempt to circumvent implemented access control mechanisms to gain access to restricted areas, critical and confidential data, system resources, covert channels and databases.
- Determine the application’s susceptibility to compromise.
- Identify and prioritize vulnerabilities and other problematic issues.
- Deliver detailed recommendations designed to remedy deficiencies and secure the application.
Conducting source code reviews for security vulnerabilities is a great way to expose insecure code within applications or within critical components of applications. The intent is to mitigate, as early in the development lifecycle as possible, the risk of coding errors or flaws in architectural design that can expose sensitive data.