// WEB APPLICATION SECURITY ASSESSMENT //
An organisation usually has various web applications running, such as the corporate website, customer portals and internal systems. Each web application serves a different purpose, and each is designed differently. Ensuring that all web applications are secure is not an easy task to complete and maintain on a periodic basis.
However, it is important that the web applications are tested thoroughly to ensure that there are no weak points for an attacker to exploit. Usually, there will be one or more insecure web applications running. The vulnerabilities in a web application can range from a lack of input validation to SQL injection and/or unencrypted communications. An attacker can exploit one or more of these vulnerabilities to gain access to the web application and potentially traverse the internal organisational network.
Benefits of performing a Web Application Security Assessment:
- Identify current web application vulnerabilities.
- Mitigate the risk of the vulnerabilities being exploited.
- Reduce application downtime.
- A better overall understanding of the current cybersecurity posture.
How we perform a Web Application Security Assessment:
- We leverage the Open Web Application Security Project (OWASP) as the foundation of our web application testing methodology.
- Various tools such as Burp Suite and Nessus are also used to supplement the testing to ensure that a complete and thorough assessment is done.
- Both authenticated and non-authenticated testing can be performed, depending on the customer requirement.
- Testing can be done during business hours or after business hours, depending on the risk appetite of the customer.
- Revalidation of issues found is done to ensure that the mitigating steps taken are working.