Web application security
Our experts are experienced in the many facets of securing your applications. They work hard to maintain their currency and expertise and can advise you on how to secure your business. We even share our expertise with others in the industry – you can find out more in our landmark research report The State of Web Application Security in Australia.
The Sense of Security approach
Our team will assess your web application to uncover areas of weakness in the application, your servers and data – regardless of the technology – and the processes you have wrapped around it.
Our assessment will include analysis of the critical components of any web-based portals, e-commerce applications and web services platforms you use.
We will use specialised techniques to challenge your systems, including manual attacks, and proprietary and commercial tools.
Types of assessment we use
Our assessment of your systems will include analysis of your site architecture, business logic, user interfaces, access controls, authentication methods, data validation, confidentiality and privacy vulnerabilities.
Typical weaknesses we find
The most common weaknesses we find in our vulnerability testing include the risk of HTTP attacks, cookie poisoning and denial of service attacks.
What we can do for you
Our web application security testing procedures follow Open Web Application Security Project (OWASP) guidelines.
To resolve the vulnerabilities in your system, our experts will usually recommend, and work with you to:
- Implement secure software development lifecycles (SDLC)
- Conduct source code reviews
- Develop web application security tools and frameworks
- Undertake in-house application development training to upskill your team.
Penetration testing actively challenges your system from outside – mimicking a hacking attempt. Penetration testing complements our web application security services by modelling existing and potential threats to your systems. You can learn more about our penetration testing services.
Recent IT security advisories
Talk to our expert team if you want more information on:
- session hijacking
- information disclosure
- hidden manipulation
- parameter tampering
- cross site scripting (XSS)
- stealth commanding
- forceful browsing
- directory traversals
- backdoors and debug options
- configuration subversion
- buffer overflow
- vendor option exploitation
- access to administration areas and internal modules
- SQL injection
- improper management of permissions
- XML/SOAP vulnerabilities.