
Application Security Assessment

Pure Hacking will analyze the critical components of a Web-based portal,
e-commerce application, or Web platform.
Using manual techniques and hundreds of appropriate tools, the assessment
pinpoints specific vulnerabilities and identifies underlying problems. The
analysis integrates detailed vulnerability and countermeasure information for:
- authentication
- authorization
- session management
- data integrity
- data confidentiality
- privacy concerns
Pure Hacking provides comprehensive reviews for:
- Fundamental Design Security
- HTML Source Management
- General Input Validation
- SQL Injection
- Cross Site Scripting
- Token Analysis (Cookies, Custom Session IDs, etc.)
- Session Security (Authentication and Authorization)
The Most Common Application Layer Vulnerabilities are:
| Attack | Percent vulnerable |
|---|---|
| Cross-site scripting | 80% |
| SQL injection | 62% |
| URL Manipulation | 60% |
| Cookie poisoning | 37% |
| Database server | 33% |
| Web Server | 23% |
| Buffer overflow | 19% |
If you are the:
- Chief developer in an IT organization about to roll out company-wide software.
- Chief engineering, product manager or release manager in a software development
project and you need to know if your software is safe.
- IT manager who wants to assess the security vulnerability of your organization.
- Government agency or military agency charged with deployment of a significant
application.

Could this happen to your application?
You have discovered a hacker has stolen $20 from your business via a custom
application, and leaves $5 as a demonstration of skill. You contact the hacker,
as he has a user account. He demands a ransom to be paid in 3 days, otherwise he
will cripple your business. You try to fix the holes, and the hacker steals
$10,000 on day 2 to teach you a lesson. You have over 50,000 customers. The
hacker is in Russia, your infrastructure is in Northern Europe, and the
operations are managed from the Asia Pacific Region. What do you do?
A new Pure Hacking client - call made at 4pm Friday 25th October 2002.
What Pure Hacking did for this client before the deadline:
- Assessed the underlying infrastructure
- Performed a code review of every input field for the application
- Identified previously known and new vulnerabilities
- Supported the client through the extortion attempt
- Stopped the hacker in his tracks
- Forwarded the details onto the relevant authorities.
- All before the deadline imposed by the hacker.
- The business continues to operate to this day in a safe manner.
This example was for a financial institution. Even more damaging to a
corporation would be the theft of client details and the subsequent publishing
of those details.


Finance
"We initially engaged Pure Hacking to conduct a number of tests in accordance
with a set of objectives. Their approach and execution were highly commendable
and all objectives were met or exceeded. Based on the experience we had no
hesitation in re-engaging Pure Hacking on another assignment. In the area of
internet security, I would highly recommend Pure Hacking for a penetration
test."
IT Security Manager, International Financial Institution