Web Application Security Assessment
Web application attacks vary and evolve daily to exploit newly introduced or newly identified vulnerabilities, many of which are classified as zero-day exploits. Since it takes some time to patch these holes, it is essential that web sites test the security strength of their applications and vertical market software on a continual basis.
According to the statistics:
- 73% of organizations have been hacked at least once in the past two years through insecure Web applications (State of Web Application Security Survey, Ponemon Institute);
- 70% of threats are at the Web application layer (Gartner);
- 55% of all disclosures were Web application vulnerabilities (IBM X-Force 2010 Mid-Year Trend and Risk Report);
- 12 is the number of vulnerabilities per Web application (Web Application Security Consortium).
Our methodology is designed to provide your organization with an independent, third-party analysis of the effectiveness of the application security controls implemented within your solutions. It offers a comprehensive, repeatable review and a deep-dive technical evaluation of key access control mechanisms based on the leading application security standards:
- OWASP Application Security Verification Standard (ASVS);
- Penetration Testing Execution Standard (PTES).
Once the assessment is complete, we will provide a report identifying all of the security vulnerabilities found. Each finding will be assigned a risk rating, along with remediation recommendations to resolve the threat, based on the following classification models:
- The WASC Threat Classification v2.0;
- Common Vulnerability Scoring System (CVSS-SIG).
In the technology field, it is imperative that our team members are on the cutting edge. That is why our employees have earned several certifications: CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CEH (Certified Ethical Hacker), Extreme Networks Administrator, A+ Certification, Net+, MCP (Microsoft Certified Professional), and MCSA (Microsoft Certified Systems Administrator).
We have more than 90 employees serving customers in more than 25 countries. Our clients include various banks, financial institutions, oil and gas companies, software and hardware vendors, and telecommunications service providers from Australia, Argentina, Brazil, Canada, the EU, the Russian Federation, the UK, the USA and Ecuador.
Group-IB employees participate in key IT security conferences such as e-Crime, Cardex, the APWG Counter-eCrime Operations Summit (CeCOS), and the SCADA Security Summit.