According to the SANS institute, vulnerabilities in web applications account for more than 80% of newly discovered vulnerabilities. There are a staggering number of vulnerable websites and web applications on the Internet today, many of which can be found easily using simple Internet searches. Automated vulnerability scanners provide an initial line of defense against common web application vulnerabilities. Unlike automated scanners, however, our consultants understand complex web application context and logic. This enables them to identify many more vulnerabilities than automated scanners alone. Using our comprehensive testing methodology, we can identify vulnerabilities in your: Our methodology incorporates a variety of techniques, including automated vulnerability scanners, proprietary tools, and manual testing, to find vulnerabilities in authentication, access control, session management, user input validation, and output sanitization mechanisms. As a result, we can identify a wide variety of application-layer vulnerabilities, including: In addition, we can identify vulnerable web and application server components and common web server misconfigurations, such as:

At the conclusion of each engagement, we provide a detailed report containing a prioritized list of actionable vulnerabilities. All vulnerabilities include a detailed description, sample exploit(s), remediation recommendations, and applicable references.

Copyright © 2012 Secure Mind Labs, LLC. All rights reserved.