Application Security Assessment

With the improvements in CPU speed and memory capacity over the last 5 years, firewalls have become increasingly intelligent and effective at blocking network layer attacks. The black hat community is well aware of this and is shifting its preferred attacks from the network layer up to the application layer.

A recent Gartner report estimates that 70% of all security breaches are due to vulnerabilities within the web application layer (attacks carried out exclusively over the HTTP/HTTPS protocol). In addition, web applications are becoming increasingly prevalent and complicated: XML attacks against web services communication, subtle cross-site scripting attacks in the asynchronous client-side environment of AJAX applications, and of course the 100 or more other application attacks found in client-server environments communicating over HTTP/HTTPS on the World Wide Web.

Why Perform

Before applications are exposed enterprise-wide, or on DMZs and partner networks, an application assessment minimizes risk by reducing exposure to vulnerabilities and remediating problems when they are least costly to fix. Here are some of the reasons our clients have conducted application security assessments:

Our Methodology

Security Technology Science offers a proven methodology that uses a structured, repeatable approach. Approximately 80% or more of the work is performed manually, with the remaining 20% made up of automated scans. Our subject matter expert will first discover and learn about the available application components, systematically test each component for potential exposures, and then selectively exploit specific high-risk vulnerabilities.

What We Will Find

Through the hundreds of web application assessments we have performed, we concur with the OWASP Top 10 list of critical flaws found in web applications. As such, our scope will include detection of the following common flaws in web application design:

Technologies and Environments

Our test team is proficient in, or has a high degree of experience with, the following web development areas: