Web Application Security Assessment

Critical business processes and financial transactions are often carried out at the application level and thus attract the keen interest of attackers. Owing to their worldwide accessibility, web applications that are exposed to the internet are particularly vulnerable. These applications are often directly connected to internal systems (database of the ERP system, etc.) and can thus serve as a potential gateway into the internal network.

During a web application security assessment, attacks on and within the application are simulated. The base system (operating system, web server, content management system, etc.) as well as the application itself are analyzed for existing vulnerabilities. The auditor considers not only the potential for external attacks but also the inappropriate conduct of privileged and unprivileged users. Attack attempts may range from exploitation of the base system to database manipulation via input and search fields.

Web application security assessments generally follow a comprehensive approach. However, depending on the type of application and the relevant threats, a risk-based approach (similar to a penetration test) is also possible. In that case, the focus is on particularly security-critical and/or vulnerable parts of the application. The scope of the assessment depends on the time budget agreed with you.

With regard to web application security, we comply with the guidelines issued by the internationally recognized Open Web Application Security Project (OWASP).

As a result of the assessment, you will receive a comprehensive evaluation of your application security as well as the programming quality. A catalogue detailing prioritized countermeasures and specific solutions for all identified vulnerabilities is an additional integral part of the final report.