About Sword & Shield
Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
Awards CertificationsRequest Consultation
Company News
-

Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.
Awards Certifications

Web Site Security
A Web Security Test finds vulnerabilities that may be exploited to gain access to your internal data and network via your Web-based application. No matter where you are in the development lifecycle or whether your application is “off the shelf,” custom designed, or provided as an outsourced service, Sword & Shield can identify security flaws in application design, development, deployment, upgrades and maintenance.
Now that many government and industry regulations mandate periodic Web security testing, you need a knowledgeable testing partner. Sword & Shield can identify Web site security weaknesses and provide detailed recommendations to reduce risk.
Our Web Security Testing Methodology
Our objective is to examine the subsystems, components, interactions and security mechanisms of the Web application and identify Web security weaknesses. Sword & Shield analysts have extensive experience and use commercial and proprietary tools, and public domain utilities to examine the security posture of an application. We analyze Web application security from several vantage points: the unauthorized user, the authorized user, and to the extent possible, the administrative and developer users. Sword & Shield’s Web Security Testing approach consists of eight key stages:
Sword & Shield can perform Web Application Testing remotely with no travel costs, or on site, depending on the test plan most suitable to the client.
Questions Our Report Will Answer
Real Success Stories
Preventing a breach via custom Web Security Testing
While conducting an application assessment for a small insurance company, Sword & Shield analysts discovered a permissions issue within a custom Web application. The application allowed anonymous (non-authenticated) Internet hosts to view detailed information about the company’s clients, including date of birth, social security number, and insurance policy details. The application was not properly tracking sessions and session states, which enabled this security loophole.
Based on Sword & Shield’s findings, the insurance company was able to correct the session and session state issues. Sword & Shield’s Web Security Testing helped the insurance company prevent a security breach via their custom Web application.
Correcting SQL injection vulnerability to protect patient data
When performing an external Web application assessment/penetration test for a hospital, Sword & Shield analysts discovered an error-based SQL injection vulnerability on an insignificant page of the hospital’s main public Web site. When the SQL injection toolset normally used by the analysts to exploit the vulnerability failed because of character filtering, they modified an existing open-source injection program and created new scripts to overcome the filtering limitations. The vulnerability led to a complete compromise of the underlying, shared internal database, which contained personally identifiable information (PII) on hospital workers, sample credit card information, and login authentication information. Using the authentication information, the analysts were able to create new accounts or log into existing accounts on the hospital’s employee Web pages from the Internet.
The hospital was in the process of implementing an online store and the SQL injection vulnerability could have led to identity and/or information theft via the Internet. Based on Sword & Shield’s Web Security Testing, the hospital modified the offending Web application code to correct the SQL injection vulnerability—thereby preventing a potential security breach.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or contact us by phone so we can begin securing your future.
U.S. Toll-free: 800-810-1885
International: 865-244-3500
Request a Consultation