How it works
An application security assessment looks at your application and reports on the weaknesses found. Unlike a penetration test, the ultimate goal here is not to penetrate the application but to report on the vulnerabilities found. Our approach is:
- Business Driven: vulnerabilities are investigated, documented and reported according to the potential damage that may arise if they are exploited.
- Manual Driven: a skilled and experienced consultant will assess the security of your critical application.
Our methodology is based on the Open Web Application Security Project (OWASP) testing guide for tests at the (web) application level. We use a mixture of automated scans using open source as well as commercial tools, followed by verification and deeper probing of the application by a highly skilled consultant.
Web Services Security
A Web service is a standardized way of establishing communication between two Web-based applications by using open standards over an internet protocol backbone. Generally, web applications work using HTTP and HTML, whereas web services work using HTTP and XML. HTTP is transfer independent and XML is data independent; the combination of both lets web services support a heterogeneous environment. Web services have some added advantages over web applications. Some are listed below:
- Language Interoperability (Programming language independent)
- Platform Independent (Hardware and OS independent)
- Function Reusability
- Firewall Friendly
- Use of Standardized Protocols
- Stateless Communication
We use the vulnerability scanner soapUI, which is one of the most recognized penetration testing tools. In contrast, WSInject is a new fault injection tool that introduces faults or errors into Web Services to analyze their behavior in a non-robust environment. The results show that the use of WSInject, in comparison to soapUI, improves vulnerability detection, allows XSS attacks to be emulated, and generates new types of them.
Mobile Application Security
Internet access over mobile phones is increasing at a rapid pace. In May 2012, Indian users accessing the internet over mobile devices surpassed those accessing the internet over desktops and laptops (Source: Global StatsCounter). As a result, most companies are developing mobile-based applications as an avenue of interaction with their new-age consumers.
The Mobile App Security Testing service provides a detailed security analysis of your phone- or tablet-based app. A key feature of this service is manual testing by experienced security professionals, which typically uncovers many more issues than automated tests alone.
A final written report provides an analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving the security of both the app and the web services it uses.