Web Application Security

Web applications are one of the most exposed parts of your IT infrastructure, both in terms of the data you provide to your users via your web application infrastructure and the way your security defences have been designed. Traditional network and IPS-based defences are designed to keep network users out, often overlooking that today's networks require access to be given to both trusted and untrusted users in order to do business. DMZs can allow users to bypass network defences and embed attacks designed to compromise the company website and systems in HTTP and HTTPS traffic, where they will not be detected by a number of different network defences.

As multi-layer web architectures allow deep access into databases and systems, the risk exposure of web applications is immense, and they open up the risk of serious data theft and leakage. It is these systems that are now regularly targeted by hackers, as the rewards for compromise are much greater than simply finding weaknesses in the network infrastructure. Attackers could compromise customer credit card data, PII, and employee information, which can lead to fines and disruption of web services. Today's compliance requirements also stipulate that web infrastructures should be assessed and protected, as they are susceptible to attacks and therefore need to be defended correctly.

Example Web Application Threats as defined by OWASP:

SQL injection

Site defacement

Cross-site scripting

Directory traversal

Debug Backdoors

Session hijacking

DNS attacks

Authentication bypass

Forceful browsing

Input validation

Cookie poisoning

CGI vulnerabilities

Buffer overflows

Attack obfuscation

Denial of Service

DMZ protocol attacks

We offer Web Application Security assessments against all web-based HTTP, HTTPS and XML applications, and we continuously update our methods so that we test against all known vulnerabilities. Once the assessment has been completed, we will send you a report on the findings and the next steps, with each discovery explained and the remediation steps outlined so you can take action.