Application Security Services

Application Security Services Overview

Effectively assess, manage, and secure your organization’s web usage and business-critical applications using our Application Security Services.

Application security encompasses the measures taken throughout an application’s life cycle to prevent gaps in the security policy of the application or the underlying system (vulnerabilities) that arise from flaws in the design, development, deployment, upgrade, or maintenance of the application.

An application controls how the resources granted to it are used, not which resources it is granted; that decision belongs to the platform it runs on. Application security is the layer at which the application, in turn, governs how its own users may use those resources.

Application Security Model

The application security model varies from application to application. Generally, the choice is between one of the following models.

  1. Database Role Based
  2. Application Role Based
  3. Application Function Based
  4. Application Role And Function Based
  5. Application Table Based

Which model is in use determines what needs to be tested: whether access decisions are enforced by the database, by the application, or by both.


What Can We Test For?

Category                          Threats / Attacks
Input Validation                  Buffer overflow; cross-site scripting; SQL injection; canonicalization
Software Tampering                Attacker modifies an existing application’s runtime behavior to perform unauthorized actions; exploited via binary patching, code substitution, or code extension
Authentication                    Network eavesdropping; brute-force attacks; dictionary attacks; cookie replay; credential theft
Authorization                     Elevation of privilege; disclosure of confidential data; data tampering; luring attacks
Configuration Management          Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear-text configuration data; lack of individual accountability; over-privileged process and service accounts
Sensitive Data and Information    Access to sensitive code, data or information in storage; network eavesdropping; code/data tampering
Session Management                Session hijacking; session replay; man-in-the-middle attack
Cryptography                      Poor key generation or key management; weak or custom encryption
Parameter Manipulation            Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation
Exception Management              Information disclosure; denial of service attacks
Auditing and Logging              User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks

If you need help with your application security testing, contact us now for a free, no-obligation consultation.


May 11, 2016