Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Cyber Security Services

Web application security

Being exposed via your web applications can seriously harm your business. Many attacks target the application layer, where the effectiveness of your perimeter security – firewalls and intrusion detection systems – can be limited by how it is configured and monitored.

Use good advisors and listen to their advice

Our experts are experienced in the many facets of securing your applications. They work hard to maintain their currency and expertise and can advise you on how to secure your business. We even share our expertise with others in the industry – you can find out more in our landmark research report The State of Web Application Security in Australia.

The Sense of Security approach

Our team will assess your web application to uncover areas of weakness in the application, your servers and data – regardless of the technology – and the processes you have wrapped around it.

Our assessment will include analysis of the critical components of any web-based portals, e-commerce applications and web services platforms you use.

We will use specialised techniques to challenge your systems, including manual attacks, and proprietary and commercial tools.

Types of assessment we use

Our assessment of your systems will include analysis of your site architecture, business logic, user interfaces, access controls, authentication methods, data validation, confidentiality and privacy vulnerabilities.

Typical weaknesses we find

The most common weaknesses we find in our vulnerability testing include exposure to HTTP attacks, cookie poisoning and denial of service attacks.

What we can do for you

Our web application security testing procedures follow Open Web Application Security Project (OWASP) guidelines.

To resolve the vulnerabilities in your system, our experts will usually recommend the following steps, and work with you to carry them out:

  • Implement secure software development lifecycles (SDLC)
  • Conduct source code reviews
  • Develop web application security tools and frameworks
  • Undertake in-house application development training to upskill your team.

Penetration testing

Penetration testing actively challenges your system from outside – mimicking a hacking attempt. Penetration testing complements our web application security services by modelling existing and potential threats to your systems. You can learn more about our penetration testing services.

Recent IT security advisories

Talk to our expert team if you want more information on:

  • session hijacking
  • information disclosure
  • hidden manipulation
  • parameter tampering
  • cross site scripting (XSS)
  • stealth commanding
  • forceful browsing
  • directory traversals
  • backdoors and debug options
  • configuration subversion
  • buffer overflow
  • vendor option exploitation
  • access to administration areas and internal modules
  • SQL injection
  • improper management of permissions
  • XML/SOAP vulnerabilities.

You can keep up with the latest threats we are seeing by reading our Sense of Security advisories.

Learn more about web application security.

Act to protect your systems by calling one of our trusted experts on 1300 922 923 or make an enquiry today.