Application Security/Web Application Security/Application Penetration Testing

Scope of Security Testing

Web applications and products

Mobile Applications and products

With ever increasing need for business to open its doors to business, web application is perhaps the first face that an organisation has. This first face is also perhaps the first place to get attracted and attacked in our internet world. With ease of availability of tools and resources, and absence of secure development processes, the need for protecting you web applications is even higher than ever before.   The process applies to both traditional web applications as well as mobile application security.

Best Practice Frameworks

OWASP Top 10 (2013)

A1 Injection

A2 Broken Authentication and Session Management

A3 Cross-Site Scripting (XSS)

A4 Insecure Direct Object References

A5 Security Misconfiguration

A6 Sensitive Data Exposure

A7 Missing Function Level Access Control

A8 Cross-Site Request Forgery (CSRF)

A9 Using Components with Known Vulnerabilities

A10 Unvalidated Redirects and Forwards

How Coral can help?

We use a risk assessment approach that involves understanding the application/product using a structured methodology: The process involves the followings(not exhaustive):

  • Functional review - understanding the business requirement
  • Threat modelling: identification of applicable threats keeping in mind business functionality, features, application/product interfaces and users.
  • Security in software development life cycle - this involves verification of security in the design and architecture of the software development process;
  • Black Box testing – performed mainly through tools is aimed at identification of vulnerabilities through known vulnerabilities resources.
  • White box testing – a much more detail analysis combining tools and analyst risk assessment approach looks for hidden vulnerability areas of the application which may not be visible through tools
  • Code Review – line by line review (and most expensive) involves verification of functionality and security controls.
  • Format report benchmarking strengths and weaknesses including detail remediation.
  • Verification of closure after successful implementation. 

Contact Us Now !