Insecure web applications now account for over 50% of electronic intrusions and are thus widely acknowledged as the preferred target of network attackers. And yet new web technologies are continually deployed on the Internet in blatant disregard of secure programming best practices.

Web application vulnerabilities are easily overlooked by programmers who must view the same code each day and whose jobs often do not specifically require attention to such details. The proliferation of vulnerable web code continues to receive mainstream attention, and yet little is done to address the root of the problem.

Security best practices recommend that your web applications be rigorously tested by dedicated third-party specialists.

The Psiframe Application Security Analysis (ASA) provides in-depth code review, also known as White Box testing, which helps strengthen the core security of your web application.

External Web Application Penetration Testing, also known as Black Box testing, helps discover many frontline vulnerabilities before an attacker does. However, Black Box testing is not always adequate to discover every web-based vulnerability.

For customers who require the utmost in web application security, Psiframe provides Gray Box testing, which is a combination of external application testing (Black Box) and internal code review (White Box).

According to OWASP (The Open Web Application Security Project): "There are at least 300 issues that affect the overall security of a web application."

From among the seemingly countless potential web application vulnerabilities, our in-depth Application Security Analysis focuses on (but is not limited to) the following Top Ten concerns, as specified by OWASP:
1. Cross Site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access

Every Psiframe Web Application Security Analysis includes:

- Executive Summary
- Business Impact Risk Assessment
- Code Review and/or Penetration Test
- Lockdown Guide

Extensive web application testing and code review are imperative when the health of your company is at stake. Psiframe's Web Application Security Assessment helps expose vulnerabilities in your applications for quick remediation, and communicates to both programmers and management the details necessary to mitigate this increasingly severe threat.