Indusface Consulting

“We are impressed not only with Indusface's in-depth knowledge of the application security domain, but also the prompt, flexible and high service quality level of Indusface. We at GIL are extremely satisfied and happy with our decision to have chosen Indusface as our internal Information Security Auditors and they have carried out security assessments of critical Gujarat Government applications to our complete satisfaction”

- Dr. Neeta Shah, Gujarat Informatics Ltd
- Government of Gujarat

application security testing

services

Over the years the Internet has changed the way business gets done. Web-based applications are enabling interactions among customers, employees and partners. Unfortunately, many web-based applications have inherent vulnerabilities and security-oriented design flaws. Internet-based attacks exploit these weaknesses to compromise sites and gain access to critical systems, which can lead to financial losses and to the compromise of the organization's confidential information.

Most organizations today have some degree of online security infrastructure (firewalls, IDS, operating system hardening, etc.) but have overlooked the need to secure and verify the integrity of their web applications. A web application is also a more convenient channel for a hacker to access confidential information than overcoming a network barrier.
Indusface Solution

Indusface Web Application Security Testing service is typically a zero-touch, Security as a Service (SaaS), remote analysis of an organization's web application, delivered from its ISO 27001-adherent Secure Delivery Centers. Our application security analysts assess the application by performing a range of application vulnerability tests and checks using a combination of automated tools and manual testing techniques. Indusface, having tested more than 500 applications globally, follows a standardized assessment approach based on internationally accepted OWASP and OSSTMM best practices:

Module Enumeration
  • Understanding the module's operations and features
  • Creating a data and process flow map
  • Discovering visible and hidden modules manually or using tools
  • Understanding data paths and, in some cases, the initialization process
Test Case Development
  • Enumerating the various input, data and exchange fields used in each module
  • Identifying the data types accepted by each of these fields
  • Listing each permutation and combination that could be used in these fields
  • Creating a case that could be used to test the application
Case Validation

Each test result may be further validated and verified by completing an attack cycle. This is done to reconfirm the process and to understand the flaws in the application. Validating a case may also help in providing an accurate recommendation procedure.

Test Database
  • Each test case created is matched against the possible attacks listed in the attacks database
  • A permutation of each case and attack is created and added to the test database
  • Sample values and/or ranges are entered in each of the test cases in the test database
  • Test success criteria are also documented in each of the test cases

Block Presentation of the entire Web Application Security Testing process

© 2009 IndusFace Consulting. All rights reserved.