The Service: Web Application Security Assessment
Nowadays most companies have an online presence in the form of websites and web services that users can interact with to purchase products, access their accounts, and interact with the community. A well-built website will help a company reach its potential users and thus significantly improve the image of the company. Malicious actors (competitors, black hat hackers and occasional hackers) can undermine this image by discovering, exploiting and making public a vulnerability. Critical vulnerabilities can affect the integrity, availability and confidentiality of both users' data and corporate confidential information, with devastating effects. In 2017, Equifax Inc., a consumer credit reporting agency, was hacked by unknown malicious actors and 694,000 UK customers were affected. The vulnerabilities (note the word used is not singular) affecting a website owned by Equifax had been previously reported by independent researchers but ignored by Equifax for more than 6 months.
CodeGrazer offers web application security assessment services, designed to cover all the security aspects related to your external network.
During a web application security assessment, the consultant will target both your external infrastructure and web services according to your needs in order to uncover vulnerabilities such as the ones thoroughly described in the OWASP TOP 10 list of vulnerabilities. Our consultant will use a set of automated tools and manual techniques to find and exploit these vulnerabilities. Tests will be conducted from both an authenticated and an unauthenticated perspective in order to cover as much surface (e.g. functionalities) as is available to users and staff members. Within 2 working days from the completion of the assessment, the consultant will deliver a report illustrating the state of your external network and services (within the executive summary), listing and describing discovered vulnerabilities based on their criticality and exploitability, showing detailed proof of concept for exploited vulnerabilities and finally suggesting a fix. Reports come in both a written format (PDF) and a concise format (Excel).
Mobile Application Security Assessment
Mobile applications, like web applications, increase both sales and traffic towards the services offered by your company. Unfortunately, mobile applications can be affected by the same vulnerabilities affecting web applications, together with a new set of vulnerabilities which target the way mobile apps manage local data and access the phone's functionalities. CodeGrazer's consultant will assess the mobile application (typically for iOS and Android) against the vulnerabilities described in the OWASP TOP 10. Finally, the consultant will deliver a report listing the issues identified in order of criticality and a way to fix them.
By purchasing CodeGrazer's external penetration testing services you will be able to:
- Discover critical vulnerabilities.
- Improve the security standards of your external infrastructure and web services.
- Protect your image and your users' data.
- Assess your patching policy to discover if your assets are protected against the latest vulnerabilities.
- Learn how to find bugs from a top-level bug hunter by watching detailed proof-of-concept videos related to vulnerabilities discovered on your assets.
- Receive free-of-charge retests for web application vulnerabilities if you fix them within 3 months from the completion of the assessment.