How many web-based applications do you expose to internal and external users? Chances are good that just about every department within your organization is using web apps daily for standard business functions. While the benefits of these apps are many, they also bring with them hazards for which you should be prepared.
A web application assessment is a specific test designed to identify threats of unauthorized access, so you can keep your sensitive information safe and secure no matter how many web-based applications your organization is using.
The goal of the web application security assessment is to identify security issues and weaknesses in the web-based application as installed, configured, maintained, and used in the production environment. Examples of the types of security issues assessed include:
- Input/Output validation (e.g., cross site scripting, SQL Injection)
- Application logic flaws (e.g., authentication bypass)
- Server configuration errors/versions (e.g., directory traversal, missing patches)
The assessment is a dynamic review of the state of the application and infrastructure security at a point in time. Findings will be reflective of the current state of security. The deliverable will contain detailed information based on NIST 800-53, and will include the vulnerabilities discovered, the number of vulnerabilities, and detailed remediation recommendations.