Security risks have moved beyond the network and operating systems.
Website application problems are more significant because the applications have access to sensitive electronic information in internal databases, access that can bypass typical network security controls. Most organizations test only the functional requirements of an application, but security vulnerabilities need to be addressed quickly and tested on an ongoing basis.
All website security assessments involve, but are not limited to, the following methodologies:
- Analysis of data access requirements
- Source code analysis
- Source sifting
- Site design
- File system traversal
- Input validation
- Transport mechanism
- Business Logic, Functional Specification & Implementation
- Access Control & Authorization
- Session Management
- Error Condition Handling & Exception Management
- Data Confidentiality
- Analysis of tools needed to ensure secure code development
- Analysis of the training regime for secure application development
- Understand the business requirements of the applications
- Develop a threat analysis and monitoring solution for application security
- Develop policies to address future risk to applications
Our approach is to provide a standard methodology to follow and to give your developers and implementation specialists a guideline for secure website application deployment.
We provide technical recommendations with mitigating controls, along with policies and procedures, to keep your website secure over time.