Application Security Assessment
Are your transactional Web applications secure?
Service Description:
An assessment of the transactional elements of your web-based application, such as on-line banking, on-line trading, eCommerce, B2B, B2C, or any other application that handles sensitive data.
Value Proposition:
An insecure transactional web application can lead to negative press, liability, privacy issues, compliance violations, and financial loss due to unavailability, or outright theft and/or fraud.
Common Vulnerabilities Identified:
- Cross Site Scripting (XSS).
- SQL Injection.
- Unauthorized transactions (such as funds transfer) due to weak authorization.
- Session cloning (the ability to take over a legitimate user session through weak state maintenance and/or session management).
- Cross Site Request Forgery (CSRF).
- Buffer overflows and command line execution attacks.
Benefits
- Provides your organization with a view of your current application security posture.
- Decreases business risk by enhancing the security of your web application.
- Provides demonstrated due diligence.
- Measures your application against current best practices and standards.
- Ensures that your application is sufficiently hardened to survive a concerted attack at the application level.
PTP Advantages
- PTP consultants have demonstrated experience in performing these assessments. The author of our methodology has over 10 years of experience in performing application-level assessments.
- PTP consultants have performed over 100 of these assessments.
- PTP consultants have identified root level vulnerabilities in over 25 of the world’s largest on-line banking applications.