Web Application Security Assessment:
- Is an approach to find out security weaknesses in Web applications
- Main goal is to mitigate the most common threats or loopholes present
- Performing technical due diligence on a given web application
Reasons for Security Weaknesses
- System misconfiguration
- Lack of coding standards
Risks
- Allows an attacker to reduce the system’s information assurance
- Compromise of confidential data
- Expenditure on recovery and fixes
- Legal liability
Benefits
- Protects information assets from hacking
- Secures confidential business data from external interference
- Increased customer trust and market credibility
Web Security Assessment Tasks
- Performed assessments across various platforms
- Support customers with diverse backgrounds
- Expertise in market-renowned web assessment tools
- Designed value-added methodology
- Black box and white box approaches
- Evaluation of web application security for customer
- Over 100 applications to be assessed
- Legacy as well as new applications
Types of Applications

Vulnerability Testing – An Approach

Assessment Achievements

Results
- Vulnerability Testing institutionalized as part of customer processes
- All the vulnerabilities were confirmed on production site
- All vulnerabilities were accepted and no vulnerability was rejected
- Vulnerabilities closed by customer
- Enhanced awareness among developers related to app security
- Continuous improvement to the assessment methodology
- Appreciation from customer for innovative value add