How secure are your Web applications?

Does your organisation have any externally-facing Web applications? Did you know that over 70% of all cyber attacks target Web application vulnerabilities linked to essential functionality including shopping carts, web forms, login pages, dynamic content and blogs?

It is very likely that your Web application uses a back-end database to store and record confidential customer, employee or partner information. Firewalls and SSL do not provide complete web application security as network ports 80 and 443 must remain open to allow the website to use data from internal database servers. While there is no doubt that complexity and ease of access to Web applications make them easier to attack, the real value to a hacker is the prize of valuable payment and credit card information!

According to a US study published by WhiteHat Security, the average website has thirteen “serious” individual vulnerabilities that could be exploited by cyber criminals. Vulnerabilities like these would be given high, critical, or urgent severity in a typical security audit associated with the Payment Card Industry Data Security Standard (PCI DSS).

The IT Governance Web Application Testing Package is designed to provide a complete solution for the efficient and routine testing of your IT system, ensuring that your applications are genuinely secure against today’s automated cyber attacks.

The benefits of the IT Governance Web Application Testing Package include:

  • Ensuring all Web applications are secure against cyber attacks
  • Agreed scope of testing delivered for known and fixed costs
  • Providing assurance to all users (staff, customers, key stakeholders)
  • Complete report identifying vulnerabilities and recommended remedial activity.

The full service package consists of:

Web Application Testing
  • Application Testing – for a single (1) Web application with an externally facing interface and a single database. Alignment of testing with OWASP methodology to identify vulnerabilities to the most common application exploitation mechanisms (i.e. Injection Flaws, Insecure Direct Object Reference, Broken Authentication & Session Management).
  • Test Report – a complete description of the tests performed with each potential vulnerability identified and ranked in order of importance. A remedial solution is recommended for each of the potential vulnerabilities. Includes an Executive Summary that clearly identifies the business risks and possible solutions in non-technical layman’s terms.

Please note that a range of optional ‘testing modules’ can be added to the IT Governance Web Application Testing Package. These options are part of the IT Governance Penetration Testing service range and include the testing for additional Web applications, for network infrastructure (Standard Package) or a Wireless LAN system as required.

Please take the opportunity to contact us directly to discuss your requirements and find out how you can book your IT Governance Web Application Testing Package.

Our Customer Service team will be delighted to hear from you and, if required, can arrange for one of our Consultants to call you for a no-obligation chat.

For further information, please e-mail servicecentre@itgovernance.co.uk or call on 08450 701750.
