Web applications have become wildly popular, as the growing range of areas where they are used shows. Banks, hospitals, law enforcement agencies and businesses all use web applications in some way. Without them we would not have online banking, social media and networks, online shopping and many other services. However, this makes web applications ideal targets for cyber criminals. By compromising a single web application, an attacker can gain vast amounts of resources and information. This is why it is important to secure web applications the same way you would secure the rest of your information system. Web application security is becoming a number one priority for many organizations. With the arrival of smartphones and tablets, every user can be online almost 24/7. This puts a great amount of pressure on web application availability. Unfortunately, every web application is unique. Thus, testing web applications requires a great deal of knowledge and experience.
Nobium has over 15 years of experience in the field of information security. We develop, test and maintain a number of high-end web applications for our clients.
In order to protect information systems, a web application vulnerability assessment must be performed:
- when creating new applications,
- after any changes to the application,
- after a change of authorized personnel (IT, IT security specialists, ...), and
- periodically (at least once a year).
A full security assessment usually examines the susceptibility to the following attacks:
- SQL injection (placing SQL queries)
- Cross-site scripting (planting program code)
- CRLF injection (placing special characters)
- Directory traversal (unauthorized access to directories on the server)
- Authentication hacking (stolen authentication information)
- ...
After the assessment, clients are advised to fix all vulnerabilities and perceived weaknesses. We recommend repeating the assessment once the system is updated. This should be repeated until:
- no new vulnerabilities are found
- the client decides that some vulnerabilities cannot be corrected
There are many different ways of securing web applications. One can use a number of commercial or open source tools to find weaknesses and vulnerabilities.
Acunetix is one of the more popular commercial tools for web vulnerability scanning. Like other vulnerability scanning tools, it finds and reports potential weaknesses in web applications. The results need to be correctly interpreted and presented to the client. Of course, there are other tools for web application testing. OWASP (the Open Web Application Security Project) is a worldwide organization that aims to improve the security of web applications. OWASP provides a number of useful tools, methodologies and guidelines for testing web application security.
Web application security testing is a specialized service for checking the security of information system components that are available to the public or to business partners through the web browser. Experience shows that web applications are often the most vulnerable parts of an information system, so Nobium offers its clients professional and thorough security checks of web applications regardless of the technology and platform.
Please feel free to check the price for our web application penetration testing services using our Penetration testing calculator!