Penetration Testing - Open Web Application Security Project (OWASP)
 

Why Web Application Security?

With the ever-increasing need for businesses to open their doors to business, the web application is perhaps the first face that an organisation has. This first face is also perhaps the first place to get attacked in our internet world. With the ease of availability of tools and resources, and the absence of secure development processes, the need for protecting your web applications is higher than ever before.
Security testing, by itself, isn't a particularly good measure of how secure an application is, because there are an infinite number of ways that an attacker might be able to make an application break, and it simply isn't possible to test them all. However, security testing has the unique power to absolutely convince naysayers that there is a problem. Security testing has proven itself as a key ingredient in any organization that needs to trust the software it produces or uses.

OWASP Top 10

A1 - Cross Site Scripting (XSS)
A2 - Injection Flaws        
A3 - Malicious File Execution         
A4 - Insecure Direct Object Reference      
A5 - Cross Site Request Forgery (CSRF)     
A6 - Information Leakage and Improper Error Handling         
A7 - Broken Authentication and Session Management          
A8 - Insecure Cryptographic Storage         
A9 - Insecure Communications      
A10 - Failure to Restrict URL Access

How can Coral help?

Coral shall conduct a security audit using the best practice methodology as per the Open Web Application Security Project (OWASP). The audit shall consist of the following range of assessments.

  1. Process Review
  2. Black Box testing
  3. White box testing
  4. Code Review

Note: The total number of attack vectors is 43 and the top 10 list is only to consider areas with higher vulnerabilities in the recent past. Coral’s assessment methodology takes into consideration a process of applicable threats which considers all 43 attack vectors as a part of the risk assessment process before initiating the testing process.

Coral eSecure is an authorized empanelled CERT-IN Auditing organisation!


If you are interested in any of our services, please call us at +91-9910779519 or write to us at roadmap(at)coralesecure.com. We shall contact you shortly.

Coral eSecure Private Limited, B1/1468 Vasant Kunj, New Delhi - 110 070, India, Phone: +91-11-26895995

© 2005 www.coralesecure.com, All rights reserved