Web Application Security
Industry is increasingly harnessing the huge business potential of web applications. They can help to communicate service and product offerings to customers, ultimately providing online purchasing services. Every industry sector is now embracing the power of web applications, from telcos to banks and from local to central government. Some businesses, for example Internet-only banks, trade solely online using web applications.
These powerful business tools are built using web sites which interact with business logic and databases on backend systems. Web applications introduce a new class of security risks. Conventional firewalls do not protect against these application-level risks, and encryption is sometimes misused, exacerbating the risks.
Risks
Risks from poorly designed or implemented web applications can include leakage of company and client data, for example personal and financial data such as credit card information. This may have legal repercussions if privacy laws are infringed. If issues affecting security are discovered, they can lead to customer complaints. There are numerous publicised incidents in which customers have inadvertently discovered security flaws in web applications; these have been reported in the media, causing adverse publicity and embarrassment.
Advantages
Web application security services can assist by streamlining application flow and helping to build secure and robust applications for the benefit of our clients and their customers.
These services mimic normal web application use and attempt to identify and exploit the class of security issues known to affect web applications. Issues affecting session management, authentication, input validation and databases are thoroughly investigated to map weaknesses and then attempt exploitation.
The result of such an engagement is translated into a roadmap to minimise security risks while maximising the business benefits of the web application.