Web Application Auditing
A web application is public by nature: you want to let people get to your website with little or no restriction. This means that your server must let the untrusted public past your firewalls and straight into your infrastructure. From there, the only thing standing between the public and your critical systems is your web application.
It is for this reason that a web application is typically the first point of attack for a hacker. There are also countless intelligent bots roaming the net that simply look for scripts, and throw tens, hundreds, or even thousands of attacks at your code to see what breaks. If your server isn't configured to block such rapid brute-force attacks, then you are relying entirely on your web application to hold up against relentless assault.
Unfortunately, most web developers code for functionality and not security. While functionality is of course vital, security is as well. Exposing vulnerabilities in an application usually involves doing things to it that you would never expect a typical end-user to do, which is why security flaws are often not found during typical quality assurance checks. It requires security awareness at both the application development and the application testing phases to properly build and publish an application that protects your infrastructure from harm.
Positron Security specializes in such auditing. Based on the specifics of your application, we will devise an auditing strategy appropriate for your situation. We review your code not only by reading it, but also by attacking it from the outside, just as a hacker would. Upon completion we will deliver a report including an executive summary, a technical description of all vulnerabilities found, and a recommended action for each. We will work with your technical team to make sure they understand the issues, both to fix the vulnerabilities we found and to educate your team for further development.
Below is a brief list of things we look for during an audit. Please note that this is not comprehensive, and that ultimately what we look for will depend on your specific application.
- SQL injection vulnerabilities
- Cross-site scripting vulnerabilities
- Cross-site request forgery vulnerabilities
- Exposure of server configuration
- Exposure of files not intended to be public
- Loose file and directory permissions
- Insecure handling of sessions
- Insecure handling of passwords
Click here to request more information about application auditing.