Web security has become a bigger problem in recent years as more and more sites are hacked every day. At interactive Digital Systems, our service employs 60+ test scenarios during security analysis, and we also provide assistance to resolve issues with sites already hacked.
We deliver detailed reports for all our specialist security analysis work to allow you to focus on preventing attacks.
The report contains:
- Executive Summary Section
This section is intended for business owners (not technical people). It briefly describes the analysis results; the most critical issues appear at the top of the list, together with any calculated risks.
- Technical Management Overview
This section is intended for technical staff. It outlines the scope of the security analysis work, the instruments that were used during the security analysis, and our risk calculation methodology.
- Assessment Findings
This section contains a list of test cases that were checked against the site. Each test case will have a status (successfully checked or not). Every parameter on every page will be checked.
All our findings will be demonstrated by screenshots, defined steps to reproduce and/or links to a dedicated video.
Discovering vulnerabilities is important, but just as important is being able to estimate the associated risk to the business. That is why risk will be calculated for each security issue found. Each security issue will come with our recommended safeguards. We don’t give vague recommendations; the report will contain specific safeguards for each particular issue in the web system.
We can perform black box testing (when the customer provides minimal information about the web system), but analysing source code (white box testing) brings more results and is more effective.
We can’t give any guarantees that your system won’t be hacked, but we can guarantee that customers receive an objective assessment of the security of their web systems, one that will allow them to predict potential issues with their business.
Widespread attacks that we check first…
- XSS (Cross Site Scripting)
- SQL Injection
- Authentication Bypass
- Insufficient Authorization
- Weak Password Recovery Validation
- Client-side Attacks
- Shell Command Execution
- Code Insertion/Execution
- Information Disclosure
- Path Traversal
- Predictable Resource Location
- Abuse of Functionality