Web Application Scanning

Overview
Similar to a penetration test, this service targets a specific web application and examines application-level controls. The review assesses the ability of an attacker to manipulate or compromise the target application and possibly gain access to backend systems.
The review consists of interviews, assessment of documentation, limited review of code, examination of connections to backend systems, and actual testing of the application using appropriate software tools.
Web applications are constantly under attack and many store sensitive data.
Most companies are required by regulation to have regular web application scanning.
Weaknesses in web application security can allow a network to be compromised or data stolen, even though strong external security is in place.
A quarterly Web Application Scan is considered an IT best practice.
If a client has a security breach and they have not been performing regular Web Application Scans, the leadership’s performance in protecting the enterprise may be called into serious question.
Deliverables
The deliverable from this project is a detailed web application assessment. The report lists and ranks the deficiencies found and details the remediation needed to correct them. Detailed information on how the vulnerabilities can be remediated is included in each report.
Features
All engineers have CISSP, CISA, and PCI QSA certifications
Web-based collaboration site used for project communication (Tasks, Documents, Milestones, Discussions)
Great References
State-of-the-art lab for payment application testing and forensic analysis