The objective of theWeb Application Security Assessment is to increase the security assurance of customers Web Application(s) and protect them from the direct and indirect consequences that can result from vulnerable Web Applications.
Web Application Security Assessment focuses on the application layer of any web applications. Our expertise is based on the OWASP methodology and address all modern attack vectors and vulnerabilities such as SQL Injection, Cross-Site Scripting and Authentication bypass issues.
The major weaknesses, associated attack vectors and resulting vulnerabilities covered during the assessment include but are not limited to:
- Lack of Input Validation and Output encoding: Stored and reflected XSS, DOM-XSS, SQL injection (Blind, Error-Based), Directory Traversal, File inclusion, HTTP Response Splitting, XML/X-Path attacks;
- Lack of Session Security: CSRF, Insecure Redirection from HTTP to HTTPS, Session Fixation, Insufficient Transport Layer Protection;
- Application / Business Logic Flaws: Insufficient Anti-Automation, Insufficient Process Validation, Insecure Password Recovery, Privilege escalation, Inconsistent Workflows;
- Insufficient Application Hardening: HTTPonly, X-Content-Type-Options, Origin Header, Strict-Transport Protocol, CSP;
- Type mapping issues: Conflicting Mime/Charset, Missing Charset, Incorrect Charset;
- Common Native Development Errors: Buffer Overflows, Integer Overruns, Format String;