A web application has several assets to protect: the data inside the application confidentiality of which must be protected and/or integrity of which must be assured; the availability of this data, so that authorized users can access it at all times; and the systems accessible through the web application, e.g., databases and other internal servers. A compromise of the application security could place all of these assets at risk. A web application (e.g. an e-commerce application) is visible to all Internet users. Often even the legitimate, authorized users number in thousands. Because of the high number of potential attackers, and because security breaches of web applications are often very visible and create a lot of bad publicity, web application security should be tested as thoroughly as network security in general.
Alpha Networxx ‘s web application security audit evaluates the web application security both from an attacker’s and an authorized user’s point of view. Like an attacker, we evaluate if it is possible to access the service without authentication or in some way collect information (e.g. from old sessions) and use it to access the service. The outcome of a web-application audit will be a report clearly identifying the security issues identified in the application, which can be used from the client side to communicate with application developers to rectify issues, or be used in identifying technical solutions to address the issues of the application. Due to extensive knowledge in application security, Alpha Networxx can also assist in identifying solutions, which can harden applications and protect against hackers, vulnerabilities and loss of data.
