Applications exist across the breadth and depth of your business. They can be internal and external, hosted with third parties, operate on cloud or traditional data centres and they can take many formats from web applications, API Gateways, microservices and single page applications (SPA) on the web footprint to thick client applications, or custom apps running on IoT devices.
Most consumer applications now extend to mobile devices, moving the boundary well beyond the perimeter of your physical business.
We identify vulnerabilities inherent in the application code itself, regardless of the technology in which it is implemented or the security of the web server/back end database on which it is built.
Web Application Security is essential for all entities relying on their applications for business. Web sites can include authenticated and unauthenticated components, user interactive features or computer-computer API’s for data transmission and processing. Today’s modern web applications are likely to incorporate server-side functions that mobile applications consume, and they are also more likely to be deployed as micro-services through cloud centric infrastructure technology including containerisation.
We are the industry leaders in application security testing and have published a landmark paper on the State of Web Application Security in Australia
Our mobile application security review identifies vulnerabilities and misconfigurations that can lead to code execution, privilege escalation, data leakage, information disclosure and other security concerns. Testing the mobile security of devices is essential to uncover vulnerabilities and exposures, and lead the way to determining best-practice, configuration recommendations and lists of safe and unsafe apps.
These strategies cover a range of activities requiring attention from Bring Your Own Device (BYOD) to Mobile Device Management (MDM) and broader governance and user awareness into security implications around mobility.
Thick client applications
A Sense of Security thick client application test assesses risks that include information disclosure, unauthorised access, authentication bypass, unauthorised execution of high privilege transactions or privilege escalation. Most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to Thick client applications as they are to web applications.
SOS application penetration credentials
Our security testing experts are Australia’s best.
We perform penetration tests in Australia and abroad for many of the world’s leading brands. This is backed by our commitment to staff development, certification, IT Security Research, and the publication of regular IT Security Advisories and thought leadership which set us apart from the competition.
We are a founding member of CREST in Australia, demonstrating our continued commitment to elevating the quality of testing in the region.