Web Application Security
We are a leading application security company with a full range of services around application threat modelling, security assessments, secure code review, secure coding training, and implementing an application security strategy for your organization.
Our consultants have many years of experience in reviewing the design, code and features of applications from a security perspective, cutting across various technology platforms such as ASP, ASP.NET, Java, PHP, Ruby on Rails, C++, etc. We have also done a number of mobile application security assessments across Android, iOS, and BlackBerry platforms.
Application Security Assessment
Application Security Assessments are designed to identify and assess threats to the organization through proprietary applications or those delivered by vendors with little or no customization. Our application security assessment methodology is designed around well-known security assessment guides such as:
- OWASP Top 10 (Open Web Application Security Project)
- Open Source Security Testing Methodology Manual (OSSTMM)
- Web Application Security Consortium (WASC) guidelines
- SANS guidelines
As your applications may provide interactive access to potentially sensitive materials, it is vital to ensure that these applications don't expose the underlying servers and software to malicious attacks or allow any unauthorized user to access, modify or destroy data or stop critical system services.
Our Approach to Application Security Assessments
We use a number of application security testing techniques. These might include black-box testing, grey-box testing, fault injection, and behaviour monitoring. This is done along with business logic testing, which might exploit or abuse an application's functionality to carry out unwanted actions such as privilege escalation attacks, authorization bypass, parameter manipulation, etc.