
Scope of Application Security

Traditional web applications

Mobile Applications

With the ever increasing need for businesses to open their doors to other businesses, the web application is perhaps the first face an organisation presents. That first face is also perhaps the first place to attract attention, and attacks, on today's internet. With tools and resources readily available, and secure development processes often absent, the need to protect your web applications is higher than ever before. The process applies to both traditional web applications and mobile applications.


Best Practice Frameworks

OWASP Top 10 (2010)

A1 – Injection

A2 – Cross-Site Scripting (XSS)

A3 – Broken Authentication and Session Management

A4 – Insecure Direct Object References

A5 – Cross-Site Request Forgery (CSRF)

A6 – Security Misconfiguration (NEW)

A7 – Insecure Cryptographic Storage

A8 – Failure to Restrict URL Access

A9 – Insufficient Transport Layer Protection

A10 – Unvalidated Redirects and Forwards
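Of the ten categories above, A10 (Unvalidated Redirects and Forwards) is one a developer can close with a small allow-list check on the redirect target. The following is an added Python example, not code from the original page or from Coral; `safe_redirect_target` is a hypothetical helper and the inputs named in its docstring are constructed. It accepts only same-site, path-only targets and falls back to a default for anything carrying a scheme, a host (including scheme-relative `//host` forms), a backslash or a control character.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(target, default="/"):
    """Return a redirect target that stays on the current site, or `default`.

    Accepts only path-only values: a single leading '/', no scheme, no host.
    Rejects scheme-relative forms ('//host/...'), absolute URLs, backslashes
    (which some browsers treat as forward slashes) and control characters
    (which could smuggle header or line breaks into a Location header).

    Constructed behaviour: '/account' is returned unchanged,
    '//evil.example/' and 'https://evil.example/' collapse to `default`.
    """
    # Non-string or empty input: nothing to trust, use the default.
    if not isinstance(target, str) or not target:
        return default

    # Control characters never belong in a redirect target.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default

    # Backslashes are normalised to '/' by some user agents; refuse them
    # rather than guess how each client will interpret them.
    if "\\" in target:
        return default

    parts = urlsplit(target)

    # Any scheme ('https:', 'javascript:') or authority ('//host') means the
    # target may leave the site.
    if parts.scheme or parts.netloc:
        return default

    # Only absolute paths on this origin are allowed; a leading '//' in the
    # path would be read as scheme-relative by browsers.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default

    # Rebuild from the parsed pieces so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample targets, as a request handler might receive them.
    for sample in ["/account/settings", "//evil.example/login",
                   "https://evil.example/", "/\\evil.example", ""]:
        print(repr(sample), "->", safe_redirect_target(sample))
```

The check is deliberately an allow-list (a single leading slash, nothing else) rather than a block-list of bad prefixes, so new encodings or browser quirks default to the safe outcome instead of slipping through.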


How can Coral help?

Coral shall conduct a security audit using the best practice methodology of the Open Web Application Security Project (OWASP). The audit shall consist of the following range of assessments.

  • Process Review – verification of security in the design and architecture of the software and its development process;
  • Black Box testing – performed mainly with tools, aimed at identifying vulnerabilities by checking the application against known-vulnerability resources;
  • White Box testing – a much more detailed analysis combining tools with an analyst-driven risk assessment approach, looking for hidden vulnerability areas of the application that tools alone may not reveal;
  • Code Review – line-by-line review (the most expensive) verifying both functionality and security controls.

Despite all the vulnerability databases available for development environments, the most intriguing part remains assessing the application's business logic as the developer coded it. The time and effort the developer has invested is no match for the time available to the security assessor, and this is therefore what remains the most intriguing part of an application security assessment.