What is an Application Security Assessment?
Application compromise can result in fraudulent transactions, corrupt databases or obscure system behaviour, leading to downtime, or other significant inconvenience whilst the problems are rectified - any of these issues can cause brand damage and potential legal issues should personal data be leaked. The risks to your business can be reduced with a SecQuest Application Security Assessment.
We will start the assessment with reconnaissance and familiarisation of the application’s features depending on the type of application being assessed. Where user authentication is required we will test for issues such as vertical escalation and data leakage, as well as authentication bypass issues. Standard tests including SQL injection, remote file inclusion, cross-site request forgery and user input sanitisation will also be performed. We will attempt to leverage application configuration issues to gain access to the application’s underlying operating system and internal networks depending on the scope of testing. A full report will be provided with a management summary giving a plain English overview of any issues found in the application whilst technical sections contain details of our findings and recommendations to address any security issues discovered.
Our consultants have extensive knowledge of application security testing and general application controls circumvention techniques. We have tested applications from industry sectors including banking, pharmaceutical, manufacturing, retail, gambling and many more. We have more than twenty years of experience in front line consulting for one of the world’s largest IT services corporations, delivering quality assessments across most industry sectors. SecQuest works with trusted partners to deliver quality and competitive services. SecQuest are based in the UK and operate world-wide. All SecQuest consultants hold current UK security clearance. SecQuest will be pleased to discuss your requirements for security testing.
SecQuest offer the following security services
- Bespoke Security Assessments
- Internal / External Infrastructure Assessment
- iSeries/AS400 Assessment
- Mobile Application Assessment
- Network Security QuickLook
- Radio Security Assessment
- SCADA Security Assessments
- Security Configuration Reviews
- Telephony and Modems Assessment
- Voice over IP Assessment
- VSAT Security Assessment
- Wireless LAN Security Assessment