management to technical
What We Do
The Security Bureau’s Web Application Security Testing service covers a wide range of security testing designed specifically for web applications. We aim to identify any opportunity where attackers, whether they are unauthorised or legitimate users, can perform an action that will expose your information. We go beyond finding SQL injection and cross-site scripting (XSS) and perform logic testing to find ways that attackers could defraud you. E-commerce websites have been known to allow users to purchase items for less than their advertised price or even credit their accounts.
How We Do It
The Security Bureau tests to the OWASP Top Ten, but we go beyond that. The exploitation of vulnerabilities in a web application can follow a number of steps, so that low-rated issues are escalated to the complete compromise of the application. Once an application has been compromised by an exploitable vulnerability, The Security Bureau will attempt (if permitted) to leverage this information to:
– Access restricted data
– Modify site content
– Change the value of goods
– Gain additional user privileges
– Gain additional system information
What You Get
We will send you a detailed technical report on the detected issues along with guidance on how to resolve them. The report will also contain a high-level management summary to ensure that the detected issues can be understood by non-technical staff.
The management summary section will restate your main security concerns and your drivers for security testing and the outcomes of these. We will also suggest short-, mid- and long-term security strategies to meet your security goals.
The Security Bureau can present the findings in a face-to-face meeting or over a conference call if required.
Our services are provided by CREST accredited consultants and our penetration testing services are performed to a high standard. As part of our ongoing professional training we are constantly learning about new threats. As we familiarise ourselves with your systems and infrastructure we will be able to keep track of any security developments that are particularly relevant to you, and inform you of these.