Application Assessment

Application Security Assessments allow an organisation to evaluate the security of their applications against the latest threats. These assessments help identify vulnerabilities such as SQL Injection and Cross-Site Scripting within web applications, as well as privilege escalation and buffer overflow issues within 'thick clients'.

Our consultants have many years of experience in application security which allows us to understand and evaluate your application comprehensively. Our approach includes assessing an application for potential vulnerabilities, using both automated and manual techniques, followed by exploitation of the vulnerabilities discovered to understand the scope of the risk. These findings are verified to make sure no false positives are reported.

No dangerous testing or exploitation of vulnerabilities will be conducted without authorisation from the client. Our tests follow the methodology outlined by the Open Web Application Security Project (OWASP) and the Open Source Security Testing Methodologies.

Along with assessing the actual technical risk, our consultants use root cause analysis techniques to help your organisation mitigate the issues as quickly as possible. This will help reduce the risk posed to users of your applications and also the likelihood of the next 'hacking' headline being related to your company.

After reporting the issues discovered during the assessment, our consultants are also available for further follow-up calls to clarify certain issues or help your organisation understand the risks posed.

Our service can be fully tailored to the needs of your business, with reporting delivered in your preferred format where possible.

Overview

The following high-level areas are included within the application assessment:

  • Web server configuration
  • Cryptography and communication mechanisms
  • Authentication and authorisation
  • Session management
  • Input and output validation
  • Business logic
  • Data storage security (where possible)

Assessment Steps

Reconnaissance

The application is evaluated, with a manual walkthrough designed to identify functionality and key areas to focus on.

Assessment

The assessment commences, utilising both manual and automated techniques.

Reporting

The assessment is documented in a simple, easily digestible format.