As more organizations leverage
the Internet for business and commercial transactions, attackers are focusing
on applications to penetrate corporate security controls. Historically, developers
have focused on functionality over security, which has presented an entirely new
avenue for attackers to launch exploits and compromise systems and information.
Service Description
Digivera's DVAudit-Web On-Demand Web Application security assessment service provides
a customized, extensive, impartial, and periodic security analysis of internally
developed or commercial enterprise applications. This service evaluates current
security standards and levels of compliance to give organizations a well-developed
matrix of existing threats, web application vulnerabilities, and real-world recommendations
to address specific weaknesses. In addition, we use a library of proprietary tests
and custom-developed tools to check for vulnerabilities that cannot be identified
through automated means.
The Digivera Advantages
Digivera's
DVAudit-Web services are performed only by experienced and credentialed professionals,
most of whom are CISSPs and Solutions Architects. We participate in industry associations
such as InfraGard, OWASP and OSSTMM open source forums. All this is put to work
for you; we go beyond the basic application assessment to:
- Demonstrate due diligence for regulatory compliance (as applicable);
- Assure web applications are sufficiently hardened;
- Deliver actionable findings and strategic recommendations;
- Provide knowledge transfer to your internal security resources;
- Utilize a dedicated senior project team with global recognition in the security industry.
Service Benefits
Some
organizations believe web applications have security built in or are "good to
go" out of the box. This is not usually the case. In fact, it is rarely true.
Digivera's web security and solutions architects help put the security back into
your web applications:
- Digivera does not use or rely on open source tools and scanners for application assessment scanning because of their relative immaturity. All our testing is performed via our automated On-Demand Service, which provides 100% testing coverage and accuracy and is backed by experienced security professionals.
- Digivera performs comprehensive threat analysis to identify key assets needing protection and defines security threats to those assets.
- Digivera will provide you with a detailed report on security vulnerabilities, along with architectural and operational weaknesses identified based on our proprietary checklist, which goes beyond requirements identified in the OWASP standard or checklist. Our findings report also provides detailed explanations of countermeasures necessary to secure applications, data assets, and resources, and outlines policy recommendations to ensure long-term compliance with industry best practices.
Assessment Coverage Areas
- Injection flaws (e.g. SQL Injection)
- Cross-site scripting (XSS) attacks
- Broken access control (e.g. malicious use of user IDs)
- Broken authentication/session management (use of account credentials and session cookies)
- Insecure configuration management
- Improper error handling
- Insecure storage and transport
- Unvalidated input
- Buffer overflows
- Denial of service
Web Application Vulnerabilities
Web Server Vulnerabilities
Database Vulnerabilities
At Digivera, we make security manageable.