Web Application Security Assessment

The popularity of web applications has grown over time, with companies migrating from legacy mainframe and database systems to web applications using technologies such as Ajax, ASP, ASP.NET, ColdFusion, Flash, JavaScript, Perl, PHP and Ruby. These applications expose customer information and other precious data to the Internet. Because of this, testing web application security is of paramount importance. All companies need to ensure that their web applications are secure.

Application software can be exploited through web application defects, logic flaws and bugs. This means that networks and systems can be accessed by third parties. In response, DSS’s Web Application Security Assessment service offers a proactive way in which to test security controls. Using in-house research and development, DSS sets out to identify known flaws and also expose unknown flaws in web applications.

Why

  • An industry-leading provider of security assessments.
  • Multi-Stage Attack Analysis detects all possible sources of attack, unlike many conventional alternatives.
  • Unique Patent-Pending proprietary security technology which was developed in-house to offer clients the most comprehensive security testing methodology.

The on-demand application testing platform offered by DSS performs a variety of application penetration security audits such as SAP audit and web application security testing. Black Box tests as well as White Box tests are available from DSS. Working in conjunction with the facilities already in place at the client’s organization, DSS conducts enterprise application security in a way that complements the existing web application security infrastructure and processes.

Advanced Security Analysis exposes unknown vulnerabilities in applications and networks before they can be exploited.

In-House Research and Development enables DSS to offer unique and cost-effective solutions to complex problems.

Superior Level of confidentiality and integrity, as well as the availability of organizational information, help to ensure that a competitive advantage is maintained, thereby delivering benefits in terms of cash-flow, profitability and corporate reputation.

Template-Driven methodology ensures compliance with industry-recognized guidelines such as: OSSTMM, OWASP, PCI, NSE, RBI, etc.

Unique Combination of proprietary and industry-leading security assessment tools and processes used in conjunction with thorough analysis of identified vulnerabilities.

Our Approach

DSS’s experienced consultants are able to draw upon a combination of proprietary, commercial and open-source tools in order to offer clients excellent value. They work according to industry best-practice and aim to exceed regulatory and compliance requirements.

  • Pre-Assessment Analysis
  • Information Gathering
  • Enumeration
  • Social Engineering
  • Business Logic Analysis and Mapping
  • Threat Profiling & Risk Identification
  • Application Vulnerability Assessment
  • Exploiting Research & Development
  • Exploitation
  • Privilege Escalation
  • Retaining Access
  • Network Propagation
  • Engagement Analysis
  • Mitigation Strategies
  • Report Generation
  • Support

The web-application security assessment has been developed by drawing upon DSS’s wealth of experience and appreciation of customer requirements in order to provide a comprehensive service.

Technical Experience

DSS’s experience has enabled the company to work in a wide variety of operating environments, giving today’s consultants a broad spectrum of technical experience. Among others, DSS has worked in the following environments:

Operating Systems:

Windows Server 2000, 2003, 2008, Red Hat Linux, Sun Solaris, HP-UX, IBM AIX, OpenVMS, Novell NetWare, Open Enterprise Server, SUSE Linux, IBM OS/2, Win NT, SCO Unix, SCO OpenServer, IRIX, FreeBSD, OpenBSD, NetBSD, OpenSolaris.

Databases:

Oracle, SQL Server, IBM DB2, MySQL, PostgreSQL, Sybase, Access, SAP DB, Interbase, Ingres, Informix.

Applications:

ASP, .NET, PHP, Ruby, Perl, Python, C#, Java, C/C++, Delphi.

Web Servers:

IIS, Apache, Tomcat, Netscape Enterprise, Caucho Resin Server, IBM HTTP Server, Lotus Domino HTTP Service, JRun, lighttpd, Oracle HTTP Server, Sun Web Server, WebLogic.

Others:

Microsoft SharePoint, SAP, Active Directory, ISA Proxy, Squid Proxy.

The company is currently developing a system to combat international cyber crime, which will equip the law enforcement authorities in any jurisdiction to effectively tackle the problem of computer-based malfeasance. Crucially, the technology assists at the most problematic stages of the criminal investigation, including the assemblage of evidence, DDoS protection and web auditing.