Web Application Security Assessment

Web application attacks vary and evolve daily to exploit newly introduced or newly identified vulnerabilities, many of which are classified as zero-day exploits. Because it takes time to patch these holes, it is essential that website owners test the security of their applications and vertical-market software on a continual basis.

According to the statistics:

73% of organizations have been hacked at least once in the past two years through insecure Web applications (State of Web Application Security Survey, Ponemon Institute);

70% of threats are at the Web application layer (Gartner);

55% of all disclosures were Web application vulnerabilities (IBM X-Force 2010 Mid-Year Trend and Risk Report);

12 is the number of vulnerabilities per Web application (Web Application Security Consortium).

Our methodology is designed to provide your organization with an independent, third-party analysis of the effectiveness of the application security controls implemented within your solutions. It offers a comprehensive, repeatable review and a deep-dive technical evaluation of key access control mechanisms based on the leading application security standards:

  • OWASP Application Security Verification Standard (ASVS);
  • Penetration Testing Execution Standard (PTES).

Once the assessment is complete, we will provide a report identifying all of the security vulnerabilities found. Each finding will be assigned a risk rating, along with remediation recommendations to resolve the threat, based on the following classification models:

  • The WASC Threat Classification v2.0;
  • Common Vulnerability Scoring System (CVSS-SIG).

In the technology field, it is imperative that our team members stay on the cutting edge. That is why our employees have earned several certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).

We have more than 90 employees serving customers in more than 25 countries. Our clients include various banks, financial institutions, oil and gas companies, software and hardware vendors, and telecommunications service providers from Australia, Argentina, Brazil, Canada, EU, Russian Federation, UK, USA and Ecuador.

Group-IB employees participate in key IT security conferences such as e-Crime, Cardex, the APWG Counter-eCrime Operations Summit (CeCOS), and the SCADA Security Summit.


We provide a comprehensive report, which includes:

  • Summary of findings and recommendations;
  • The general control review result;
  • The vulnerability test results;
  • Risk assessment results including identified assets, threats, vulnerabilities, impact and likelihood assessment, and the risk results analysis;
  • Recommended safeguards.


  • Group-IB is the winner of the annual business award "Company of the Year" in the field of Telecom & IT according to the business weekly "The Company" (2012);
  • Services from one of the leading companies in the field of computer forensics and cybercrime investigations, with extensive experience;
  • Our qualifications are confirmed by thank-you letters from law enforcement agencies (LEA) and companies in different countries;
  • Unique experience in threat intelligence and vulnerability assessment.


  • Do we need to provide the source code of the Web application?
  • How do you confirm the vulnerabilities found in a Web application?
  • I would love to check a third-party Web application we use in the company; is it possible?
  • How do you categorize the vulnerabilities found?

Contact Us:

+1 917 809-47-41
