
IT Security Compliance regulations and guidelines (GLBA, NCUA, FFIEC, HIPAA, etc.) require an organization to conduct independent testing of its Information Security Program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI). Web applications, such as online banking, loan applications and online purchasing, are necessities in today’s business environment. These applications require access to confidential information or NPPI, which increases the risk of unauthorized access to that information.
Web applications have become common targets for hackers, because web applications often contain application-layer vulnerabilities. Hackers can leverage a relatively simple vulnerability to gain access to confidential information or NPPI, such as credit card data, social security numbers and health records. While firewalls and network vulnerability scanners are an important layer of any Information Security Program, they can’t defend against attacks on web applications. It is critical for an organization to ensure that its web applications are not susceptible to these types of attacks.
Best Practices state that each organization should perform a web application test in addition to regular security assessments in order to ensure the security of its web applications.
TraceSecurity Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology which includes:
TraceSecurity’s Web Application Test is performed by TraceSecurity’s expert security engineers, who have extensive knowledge and experience testing online applications. TraceSecurity’s web application testing methodology is performed almost entirely manually rather than with automated scanners, to ensure your applications are secured. The methodology allows TraceSecurity engineers to find vulnerabilities beyond what may be found with automated scanning tools.