Web application security testing

Software projects are often plagued with looming deadlines and unfinished functionality with little time, or expertise, to focus on security issues. We can assess your security and risk without the conflicting priorities that development teams face, ensuring that your application is measured against industry best practice rather than functionality that 'just works' or 'passes unit tests'.

We conduct both penetration testing, in which we simulate attacks on your application, and source code evaluation using state-of-the-art scanning technology. We provide a security evaluation report which categorises issues for remediation and risk decision making.

Our methods of penetration testing
To identify security vulnerabilities within applications, our consultants use various methods to emulate attackers of varying degrees of skill, motivation, knowledge of the application and resources. These include:

  • Blind testing: to check how an external hacker would see your application
  • Authorised user: to check whether an authorised user can gain unauthorised access to your sensitive data
  • Web interface testing: of search tools, credit card gateways etc.

Where practical time constraints, cost and resources limit full testing, we tailor tests to focus on specific areas or vectors subject to attack. Alternatively, we can deliver real-time penetration testing results if you need information as soon as it becomes available.

Our source code evaluation services: manual and Fortify Assisted
Application source code evaluation offers the most rigorous means of assessing an application, providing the highest level of security assurance for possible vulnerabilities.

We offer two methods of source code evaluation, either separately to, or in conjunction with, penetration testing:

  • Manual source code review: our security specialists act as 'a second pair of eyes' for your source code, with a sole focus on security
  • Fortify Assisted source code review: we use state-of-the-art scanning technology to provide fast breadth of coverage across your application, allowing our testers to focus on intensive logical and design issues.
