Application Security
Application security is the overall process of testing the security of an application through identifying, resolving and preventing threats and vulnerabilities. These threats and vulnerabilities include malware, phishing attacks, DDoS attacks and data breaches.
When it comes to application penetration testing, the main elements that are included are web applications, web services, mobile applications and thick-client applications.
Web Applications
Web Application Security is essential for all commercial website owners who rely on traffic to their page for business purposes. It is a specific form of Information Security that protects a comprehensive range of web platforms from security breaches. These include databases, social media sites and software. Therefore, in a global 24/7 economy, you can’t afford to spend time fixing web application vulnerabilities that could leave your site down for hours, days or even permanently.
A Sense of Security web application test identifies vulnerabilities inherent in the code itself, regardless of the technology in which it is implemented or the security of the web server/back end database on which it is built.
Web Services
Web services can be defined as a controlled way of incorporating web based applications that use open standards such as XML, SOAP, WSDL and UDDI. A more simple way of describing it is that web services enable communication from varying applications and sources without the necessary arduous custom coding of the past. With all the cross-platform and cross-boarder communication, the avenues for a potential attack are plentiful.
A web services review will evaluate the security of the online SOAP based XML generator which allows a key to be submitted and XML generated data to be downloaded. It should be “read only” and acts similarly to a semi-protected RSS feed. Like a web application test, a Sense of Security web services test also identifies vulnerabilities inherent in the code of the Web service itself, regardless of the technology in which it is implemented or the security of the Web server/back end database on which it is built. This review models threats from the custom application layer.
Mobile Applications
The use of mobile devices is now mainstream across all sectors with continued rise in adoption of smartphones and tablet technology. Organisations have had to develop strategies to accommodate changes in workforce mobility requirements and expectations. These strategies need to cover a range of activities requiring attention from Bring Your Own Device (BYOD) to Mobile Device Management (MDM) and broader governance and user awareness into security implications around mobility. While there has been much discussion on these topics in the past few years, one aspect of mobility in particular presents significant exposure – exploitation directly through malicious mobile applications. The problem is that users and organisations who are using/managing mobile devices don’t know what the applications that they are downloading and using are actually doing, leaving them exposed and possibly compromised.
A Sense of Security mobile application security review identifies vulnerabilities and misconfigurations that may lead to code execution, privilege escalation, data leakage, information disclosure and other security concerns. Testing the mobile security of devices is essential to uncover vulnerabilities and exposures, and lead the way to determining best-practice, configuration recommendations and lists of safe and unsafe apps.
Thick Client Applications
Thick client is defined as an application client that processes data in addition to rendering. An example of thick client application can be a Visual Basic, JAVA or VB.NET application that communicates with a database.
A Sense of Security thick client applications test observes risks that include information disclosure, unauthorized access, authentication bypass, application crash, unauthorized execution of high privilege transactions or privilege escalation. It is interesting to note that most of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities are as applicable to Thick client applications as they are to web applications.
How can Sense of Security help?
Our security testing experts are among the best in Australia, and have performed penetration tests in Sydney, Melbourne and abroad for many of the world’s leading brands. This is backed by our commitment to staff development, certification, IT Security Research, and the publication of regular IT Security Advisories which set us apart from the competition.
To discuss how our specialist security services can help your organisation test your security posture please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.