Sense of Security has extensive experience with assessing application security, both web (browser based) and non-web (client/server, compiled binaries, command line, etc.), including front-end and back-end systems.
History has proven that software defects, bugs and logic flaws are consistently the primary cause of commonly exploited application vulnerabilities. These can lead to unauthorised access to your networks, systems, applications and the information they hold.
According to research by Gartner, an estimated 70% of all security breaches are due to vulnerabilities within the web application layer (attacks carried exclusively over the HTTP/HTTPS protocol). Traditional security mechanisms such as firewalls and network IDS provide little or no protection against these attacks, because the malicious requests arrive on the same ports, and in the same protocol, as legitimate web traffic that these controls must allow through.
A web application security review identifies vulnerabilities inherent in the code of a web application itself, regardless of the technology in which it is implemented, or the security of the web server or back end database on which it is built. Specifically, it analyses the critical components of a web-based portal, e-commerce application, or web services platform. A web application audit can be performed separately, or in conjunction with a penetration test, as both assessments are complementary and model threats from different perspectives.
Using our detailed methodology, and a combination of manual techniques and proprietary and commercial tools, this type of assessment pinpoints specific vulnerabilities and identifies underlying problems in the web application.
As part of a web application security assessment, our team will analyse the following key areas within your applications:
Our approach to web application testing and web services security is consistent with the practices documented in the Open Web Application Security Project (OWASP) guides, and is complemented with the extensive experience our consultants have gained by performing hundreds of prior engagements.
Our testing commonly reveals web application vulnerabilities including, but not limited to:
We can assist across the whole application security lifecycle: developing application security frameworks, delivering secure application development training, implementing a secure Software Development Lifecycle (SDLC), and performing source code reviews and application penetration testing.
Sense of Security is also experienced in performing web application penetration testing that addresses the annual penetration testing requirement of PCI DSS compliance.
Our consultants are not only security experts, but also have extensive software development knowledge and experience. This translates to pragmatic solutions and consistently successful client outcomes.
Sense of Security is recognised as Australia's leading application security firm. Please visit our advisories page for a list of recently published advisories.