Application Security Testing

How well do you think your software would sell if it allowed malicious users to breach the network perimeter of your clients?

How would your company's reputation suffer if your software allowed confidential information such as credit card details or medical records to be accessed by unauthorised personnel?

How damaging would it be to your business if malicious users could order products from your e-commerce site without paying for them?

In recent times, there has been a shift away from attacks against traditional network targets such as routers and firewalls. Instead, attackers are focusing on weaker targets such as websites and other software applications, often with devastating consequences.

Our Application Security Testing service provides a way for your applications to be tested for vulnerabilities such as cross-site scripting, injection attacks, password cracking and data input attacks. The aim of an application security test is to identify the ways in which the application can be subverted to behave in a way it was not designed to, for example by allowing unauthorised users to gain access to your application or the data it holds.

While we can't ensure your application will be bullet-proof, we can, by using a structured and methodical approach, certainly ensure it's not an easy target.

Service Highlights

  • An experienced test analyst will review your application and develop a Threat Model to identify possible methods of attack.
  • The Threat Model will be used in conjunction with guidelines from OSSTMM and OWASP along with a range of specialist tools in an attempt to subvert your application.
  • We produce a report that is easy to read and understand, and our experienced analysts are always available to clarify any points if necessary.

Service Benefits

  • The security of your application is tested in a structured and methodical manner.
  • Testing is carried out in our dedicated test facilities where we have access to a range of specialist tools.
  • Testing can be carried out for a fixed price based on the complexity of the application.

Want to know more?

If you want to know more about this service or just need some advice on Application Security Testing, we encourage you to contact us.

Find out more about Threat Modelling at the Microsoft site.

Find out more about OSSTMM at the ISECOM website.

Find out more about OWASP at the OWASP website.