According to recent studies by DOS Arrest Internet Security, conducted through the deep website scans of its Vulnerability Testing and Optimization (VTO) service, ninety percent of websites tested were vulnerable to some form of attack.
CIS’s Web Application Testing service is a comprehensive security audit performed by highly skilled security professionals. Unlike automated testing, our service identifies the vulnerabilities in your applications and then provides a “Proof of Concept” for each vulnerability flagged. This eliminates the “False Positives” produced by many automated systems, and the dollars wasted trying to fix vulnerabilities that don’t exist.
Our service is designed to test the limits of your systems in order to reduce risk to your key assets that are accessible through the internet and key applications.
Areas Covered by Web Application Testing
- SQL Injection – Traditional and Blind (OWASP A1)
- OS Command Injection (OWASP A1)
- Cross-Site Scripting (OWASP A2)
- Broken Authentication and Session Management (OWASP A3)
- Insecure Direct Object References (OWASP A4)
- Cross-Site Request Forgery (OWASP A5)
- Security Misconfiguration (OWASP A6)
- Insecure Cryptographic Storage (OWASP A7)
- Failure to Restrict URL Access (OWASP A8)
- Insufficient Transport Layer Protection (OWASP A9)
- Unvalidated Redirects and Forwards (OWASP A10)
- Test PHP applications against Remote and Local File Inclusion
- Exploit WebDAV configuration weaknesses
- Evade firewalls
- Reveal weak HTTPS encryption