While standard countermeasures and network vulnerability scanners are an important aspect of any information security program, they typically only search for and detect known vulnerabilities in the operating system and web server software, and can overlook issues specific to web applications.

To properly analyze threats such as cross-site scripting (XSS), input validation issues, SQL injection, and authentication attacks, a manual ethical hack from within the application is necessary.

The Compliance Overview

Information security compliance regulations and guidelines (FDIC, FFIEC, GLBA, HIPAA, HITECH, NCUA, OCC, PCI DSS, etc.) require an organization to conduct independent testing of the information security program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

To ensure the security of an organization's external network, best practices state that each organization should perform an external penetration test in addition to regular security assessments. This includes any web-facing application that is exposed to risk.

The cprlorca Solution

Our application security testing service determines the strength of your online application security profile and identifies application-layer vulnerabilities that may expose sensitive information or grant access to unauthorized users.

Unlike other providers, our application security testing methodology is applied almost entirely manually, rather than through automated scanners. This allows cprlorca expert analysts to find vulnerabilities beyond those found with automated scanning tools.

Our experts test online applications to identify weaknesses in:

  • General architecture
  • Transport security
  • Logging
  • System attacks
  • Privacy concerns
  • Session management
  • Access control and authorization
  • Data validation
  • Perimeter manipulation
  • Cryptographic algorithms


They provide up-to-date security auditing for vulnerabilities such as:

  • Software infrastructure/design weaknesses
  • Authentication
  • Session management
  • Input validation attacks
  • Cross-site scripting attacks
  • Script injection attacks
  • CGI vulnerabilities
  • Cookie theft
  • User privilege elevation
  • Web/application server insecurity
  • Database vulnerabilities
  • Privacy exposures
  • Logical flaws

Testing Requirements:

  • Brief training or educational introduction to the mechanics of the application
  • Multiple test accounts or administrative access to create additional accounts

Results are provided in an extensive report containing:

  • Immediate notification of critical risks
  • Executive summary
  • Business and technical risks/recommendations
  • Application test methodology
  • Application security issues listed by risk type and areas of concern
  • Details and exposure of application vulnerabilities
  • Enumeration of successfully penetrated systems
  • Recommendations and countermeasures
  • Appendix examples
  • Video and/or screen image records of the application test results (available as an option)


Contact us for a FREE Consultation

Penetration Testing, Vulnerability Scanning, Moldova