Safely Test the Security of your Web Applications Against the Latest Threats
RandomStorm have a professional Web Application Security Testing service that can be used to identify vulnerabilities that exist on your web applications. This application testing can be performed remotely for external facing web applications or internally at your premises if the application is an internal application. RandomStorm have a wealth of knowledge in the area of Web Application Security Testing and their testers have created and contributed to many open source web application security projects such as the Damn Vulnerable Web App and the WPScan WordPress Security Scanner.
The security testing methodology used is based on the Open Web Application Security Project (OWASP) testing methodology. The assessment is divided into five phases:
Once the initial order has been received, the next stage is to carry out the initial scoping. At this stage the application access information is provided by the customer along with any authentication credentials that are required to perform the security assessment.
In the passive information gathering stage the tester examines the application's general and business logic. Business logic flaws in the application can also lead to serious security issues. At the end of this phase, the tester should understand all the access points (gates) of the application (e.g. HTTP headers, parameters, and cookies).
Often analysis of the infrastructure and topology architecture can reveal a great deal about a web application. Information such as source code, HTTP methods permitted, administrative functionality, authentication methods, and infrastructural configurations can be obtained.
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication. Testing the authentication scheme means understanding how the authentication process works and using that information to attempt to circumvent the authentication mechanism. Authorisation is a process that comes after a successful authentication, so the tester verifies this point once they hold valid credentials associated with a well-defined set of roles and privileges.
At the core of any web-based application is the way in which it maintains state and thereby controls user-interaction with the site. Session management broadly covers all controls on a user from authentication to leaving the application.
The most common web application security weakness is the failure to properly validate input coming from the client or environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/unicode attacks, file system attacks, and buffer overflows.
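The two controls that address the weakness described above are binding untrusted values as query parameters (so input can never alter the structure of a statement) and encoding output for the context it is placed in (so input can never become markup). The following is an added illustration, not code from RandomStorm or from this page: it seeds an in-memory SQLite table with constructed sample users, places the string-splicing anti-pattern beside its parameterised form, adds an allowlist check as defence in depth, and escapes the same untrusted value before it is rendered into HTML. The function names, the `users` table and the sample rows are all assumptions made for the example.

```python
import html
import re
import sqlite3

# Constructed sample data for the demonstration only (not from any real system).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Allowlist for a username: letters, digits and underscore, 3 to 32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def make_db():
    """Create an in-memory SQLite database seeded with the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_unsafe(conn, username):
    """Anti-pattern: the client-supplied value is spliced into the SQL text,
    so the quoting and structure of the query are under the client's control."""
    query = f"SELECT name, email FROM users WHERE name = '{username}'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, username):
    """Hardened form: the value is bound as a parameter by the driver, so it
    can only ever be compared as data, whatever characters it contains."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (username,)).fetchall()


def validate_username(username):
    """Allowlist validation at the application boundary: accept only the
    character set and length the field legitimately needs."""
    return USERNAME_RE.fullmatch(username) is not None


def find_user_safe(conn, username):
    """Defence in depth: reject input that fails the allowlist, then run the
    parameterised query for anything that passes."""
    if not validate_username(username):
        raise ValueError("username fails allowlist validation")
    return find_user_parameterized(conn, username)


def render_greeting(username):
    """Output encoding for the HTML body context: the untrusted value is
    escaped before it is placed in the page, so it cannot inject markup."""
    return f"<p>Welcome, {html.escape(username, quote=True)}!</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # a constructed value containing SQL metacharacters
    print("unsafe rows returned:", len(find_user_unsafe(db, probe)))
    print("parameterised rows returned:", len(find_user_parameterized(db, probe)))
    print("allowlist accepts probe:", validate_username(probe))
    print(render_greeting("<b>alice</b>"))
```

Running the script shows the string-splicing lookup returning every row for the probe value while the parameterised lookup returns none; the allowlist rejects the same value before any query runs, and the greeting renders the angle brackets as literal text rather than tags. Parameterisation is the control that actually prevents the injection; the allowlist narrows what reaches the database and gives a clear place to log rejected input.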
Web applications have become business critical tools and not just an aid to marketing. However, if a web application has been built without security in mind, it may provide attackers with a way into the company's network. Focusing on the industry's top vulnerabilities, such as those catalogued by OWASP, as well as other leading sources, RandomStorm's web application security assessment helps companies identify these security issues before attackers take advantage of them.