Wednesday, November 23, 2011

Security Testing


Security Testing is an indispensable part of the Web application development life cycle because of the increase in privacy breaches at businesses and organizations. Testree embraces the industry standard testing methodology and keeps track of new vulnerabilities. Testree has a repository of reusable security test cases and has gained proficiency in using security testing tools (open source and industry standard).

Offer

Testree helps to identify business risks that are caused by security vulnerabilities in in-house developed applications, COTS products or third party applications. Testree offers the following solutions:
Web application penetration testing
Product security testing
Information Systems Risk Assessments / Security Audit
Security Policy and Process Design
Analyzing security vulnerabilities in the applications
Analyzing security quality of internally developed applications
Ensuring compliance with PCI standards, SOX, and HIPAA
Advice on fixing loopholes and a plan for future security vigilance

Value Proposition

Testree has expertise in performing security / penetration testing on web applications. It follows the industry standard guidelines of the Open Web Application Security Project (OWASP) and the Web Application Security Consortium.
Comprehensive security analysis
Potential security issue coverage

Competency

More than one tool is required to accomplish security / penetration testing of a web application. Tool evaluation is carried out based on the nature of the application and its environment. Testree has expertise in using open source and industry standard tools (IBM Rational AppScan, WebInspect, Typhon III, WebGoat, and WebScarab).

Testree has expertise in testing web applications for the OWASP Top 10 vulnerabilities, a few of which are listed below:
Cross-Site Scripting (XSS) – (session hijacking, tracking user activities, browser exploitation)
Injection Flaws – (SQL injection, XPath injection, LDAP injection, SSI injection)
Malicious File execution
Insecure Direct Object Reference
Cross Site Request Forgery (CSRF)
Denial of Service
Buffer overflow
