Web Application Audit

Secure your Web Application

An audit of your web application helps you prevent data loss such as that caused by SQL injection or similar attacks. In addition, a web application audit finds misconfigurations of running services, which minimizes the risk of attacks. In contrast to a penetration test, a web application audit gives a more comprehensive overview that covers more aspects.

Overview

Web applications are popular targets of cyber attacks because they are widespread and accessible worldwide. Modern web applications are the backbone of various business models, which increases the threat of being attacked. Databases with user accounts or payment information often make it profitable to attack web applications. Data loss, legal recourse or a damaged image are some of the consequences of successful attacks.

During an audit, we carry out focused and realistic attacks on your web application in order to identify vulnerabilities and security-related issues. This includes the web server as well as other services that are needed to run your web application. These attacks may be made from the perspective of an external adversary as well as from that of a normal user.

The basis for the web application audit is the widely known Web Application Penetration Testing guideline published by the non-profit OWASP (Open Web Application Security Project) organization and its Application Security Verification Standard (ASVS).

During the audit, you get regular reports that keep you up to date and informed about the ongoing steps. At the end, you get a final report that contains all the details about the issues, their rating and how to address them. Every issue is prioritized, which makes it easier to decide on your next step.

Properties

A web application audit is a security audit where the following properties apply.

What can be tested

Web applications and their operating environment (e.g. web server)

Basis of information

White, grey or black box

Source

External or Internal

Strategy

Direct attack attempts or covert attack

Scope

Full or focused

Aggressiveness

Passive, polite, aggressive or paranoid
