Application Security

Attacks that exploit vulnerabilities and design flaws in today's web-based and in-house applications are growing at a phenomenal rate. Many organizations do an excellent job of securing their perimeter networks and systems with restrictive firewalls and sophisticated intrusion detection and prevention systems, yet failing to address or test application-layer weaknesses can be costly to any organization.

While you may have hundreds of in-house and externally developed applications, we focus on the compiled and installed elements of the entire system to uncover application-layer vulnerabilities and verify any high-risk findings. Detailed reporting prioritizes these vulnerabilities, identifies their causes and provides remediation steps.

Our application testing teams use tools that are more rigorous than automated scanners and that require highly specialized staff with application development skills. To highlight the risks posed by actual exploitable vulnerabilities, we simulate an attack designed to expose how effective an application's security controls really are. This penetration test goes much further than the generic responses, false-positive findings and other output provided by automated application assessment tools.

Top Vulnerabilities:
  • Broken Authentication
  • Broken Access Controls
  • Unvalidated Input
  • Broken Session Management
  • Injection Flaws
  • Buffer Overflows
  • Cross Site Scripting (XSS) Flaws
  • Improper Error Handling
  • Cookie Poisoning
  • Insecure Storage
  • Privilege Escalation
  • E-Shoplifting Vulnerabilities

Unlike network penetration testing, application-level penetration testing requires a limited set of user credentials. Application penetration testing can be conducted remotely or onsite, depending on the user's credentials.

Using this methodology, we are able to demonstrate actual exploitable vulnerabilities within an application. At the conclusion of our testing, we provide a findings report that includes a detailed description of each issue, an associated severity rating, an exploitability risk rating and one or more recommendations for addressing the issues throughout the System Design Life Cycle.