An organization’s web presence is critical for business in today’s environment. Web sites and applications can also be an easy attack target for anyone with malicious intent.
Using both manual and automated analysis of a web application or site, our security team can identify threats and vulnerabilities regardless of the underlying technologies. Once the scope and architecture of the target application or web site is understood, automated tools are configured to comprehensively test the enabled security controls meant to protect the application or web site’s exposed interfaces. Manual testing starts where the automated tools stop. In addition, our security team use their experience to test the application or site as an attacker would.
Our comprehensive testing methodologies ensure the uniform detection of common vulnerabilities such as the OWASP Top 10. These include threats such as input injection, cross-site scripting, broken authentication and session management and information disclosure.
All of our deliverables include detailed descriptions and reporting, and the perceived risk and remediation effort necessary to successfully address discovered vulnerabilities.