Application Security Assessment

With the improvements in CPU speed and memory capacity over the last 5 years, firewalls have become more intelligent and more effective at blocking network-layer attacks. The black hat community is well aware of this and is shifting its preferred attacks from the network layer up to the application layer.

A recent Gartner report estimates that 70% of all security breaches are due to vulnerabilities in the web application layer (attacks carried out exclusively over HTTP/HTTPS). In addition, web applications are becoming increasingly prevalent and complex: XML attacks against web services communication, subtle cross-site scripting attacks in the asynchronous environment of AJAX-based client-side applications, and of course the 100 or more other application attacks found in client-server environments communicating over HTTP/HTTPS on the World Wide Web.

Why Perform

Before applications are exposed enterprise-wide, or on DMZs and partner networks, an application assessment minimizes risk by reducing exposure to vulnerabilities and remediating problems when they are least costly to fix. Here are some of the reasons our clients have conducted application security assessments:

Our Methodology

Security Technology Science offers a proven methodology that uses a structured, repeatable approach. Approximately 80% or more of the work is performed manually, with the remaining 20% made up of automated scans. Our subject matter expert first discovers and learns about the available application components, systematically tests each component for potential exposures, and then selectively exploits specific high-risk vulnerabilities.

What We Will Find

Through the hundreds of web application assessments we have performed, we concur with the OWASP Top 10 list of critical flaws found in web applications. Accordingly, our scope includes detection of the following common flaws in web application design:

Technologies and Environments

Our test team is proficient or highly experienced in the following web development areas: