As more
organizations leverage the Internet for business and commercial
transactions, attackers are focusing on applications to penetrate
corporate security controls. Historically, developers have
focused on functionality over security, which has presented
an entirely new venue for attackers to launch exploits and
compromise systems and information.
Service
Description
Digivera's
DVAudit-Web On-Demand
Web Application security assessment service provides
a customized, extensive, impartial, and periodic security
analysis of internally developed or commercial enterprise
applications. This service evaluates current security standards
and levels of compliance to give organizations a well-developed
matrix of existing threats, web application vulnerabilities,
and real-world recommendations to address specific weaknesses.
In addition, we use a library of proprietary tests and custom-developed
tools to check for vulnerabilities that cannot be identified
through automated means.
The
Digivera Advantages
Digivera's
DVAudit-Web services are performed only by experienced and credentialed professionals,
most of whom are CISSPs and Solutions Architects. We participate in industry associations
such as InfraGard, OWASP and OSSTMM open source forums. All this is put to work
for you; we go beyond the basic application assessment to:
 | Demonstrate
due diligence for regulatory compliance (as applicable); |
| Assure
web applications are sufficiently hardened; |
| Deliver
actionable findings and strategic recommendations; |
| Provide
knowledge transfer to your internal security resources; |
| Utilize
dedicated senior project team with global recognition in the security industry. |
Service
Benefits
Some
organizations believe web applications have security built in or are "good to
go" out of the box. This is not usually the case. In fact, it is rarely true.
Digivera's web security and solutions architects help put the security back into
your web applications:
|
Digivera
does not use or rely on open source tools and scanners
for application assessments scanning because of their
relative immaturity. All our testing is performed via
our automated On-Demand
Managed Services which provides 100% testing
coverage, accuracy and backed by experienced security
professionals. |
| Digivera
performs comprehensive threat analysis to identify key assets needing protection
and defines security threats to those assets. |
| Digivera
will provide you with a detailed report on security vulnerabilities along with
architectural and operational weaknesses identified based on our proprietary checklist
that goes beyond requirements identified in the OWASP standard or checklist. Our
findings report also provides detailed explanations of countermeasures necessary
to secure applications, data assets, and resources, and outlines policy recommendations
to ensure long-term compliance with industry best practices. |
Assessment
Coverage Areas
| Injection
flaws (e.g. SQL Injection) |
| Cross-site
scripting (XSS) attacks |
| Broken
access control (e.g. malicious use of user IDs) ations to ensure long-term compliance
with industry best practices. |
| Broken
authentication/session management (use of account credentials and session cookies)
|
| Insecure
configuration management |
| Improper
error handling |
| Insecure
storage and transport |
| Unvalidated
input |
| Buffer
overflows |
| Denial
of service |
Web
Application Vulnerabilities
WebServer
Vulnerabilities
Database
Vulnerabilites
Digivera
also provides a complete suite of technology
solutions and On-demand
SaaS managed security services to solve your
business and regulatory requirements. We provide pay-as-you-grow
services such as Security Management, Identity Management,
Storage/Online Backup, IT Help Desk and more.
Our
team of industry experts has enhanced every service by providing
additional content, special pricing or a unique value proposition
that cannot be found anywhere else. Learn
more...
At
Digivera, we make security manageable.
 |
Call
Us At 408.216.7799 |
| |
|
