Application Security Testing
The Challenges
We have all seen the articles: “Major e-commerce site hacked: millions of credit card numbers stolen.” In this day and age, we interact constantly with some sort of computer application. Doctors use wireless applications to update our medical records and send prescriptions to our pharmacies. Gasoline pumps verify that we have funds to pay for the gas we pump and initiate the payment process. Online shopping is so convenient, and we can find literally anything we want. Everywhere you look, there is a computer application waiting to help you. But are they safe?
Application Defined
Applications are collections of executable programs that receive input, process data, and output information. Software is used by clients, customers, and end users, and by web, business logic, and database servers, to move, collect, store, and manipulate data. The interaction of all of these components makes up an application. Applications often involve trust relationships between the different programs and machines involved. The interactions and relationships between all of these components can range from very simple to quite complex. Application security testing is about validating that proper security measures have been taken in the design, development, and implementation of the programs and systems used to achieve an organization’s mission. At each connection point, such as the interaction between a web browser and the web server, or between a web server and a business logic server, there is potential for abuse. The operating systems and programs involved require configuration, patches, and updates. Programs created in-house need to be carefully constructed.
Web Security Auditing
Sword & Shield engineers use several vantage points to develop a detailed analysis of how secure an application is: the unauthorized user, the authorized user, and, to the extent possible, the administrative and developer users. From code reviews to SQL injection to replay attacks, using both automated tools and time-proven manual techniques, Sword & Shield can help you so that your customers feel comfortable using whatever application you are developing.
