Your web application is the face of your organization, so it needs to be secure from malicious attackers. We offer comprehensive services to assess the security of your web application, beginning with a review of the technical and operational controls designed to protect critical web application data. We will also assess the network and systems that support the web application, including a detailed vulnerability assessment of the infrastructure.
Next, we manually walk through the web application with appropriate technical staff to understand the logic and operational flows in order to filter out any pages or fields that may generate errors during scanning. We then use automated tools to perform a vulnerability scan of the application without credentials to identify vulnerabilities that may be visible to the general public.
We also perform scans using varying levels of authentication to provide a holistic view of the application’s security vulnerabilities, with a focus on identifying vulnerabilities related to the OWASP top 10 vulnerabilities and SANS top 25 programming errors. To ensure the accuracy of the scans, we work closely with technical staff to confirm the results and exclude false positives.