Web Application Testing
Web application testing is one component of a penetration test.
A penetration test is a full audit of a company's external
visibility, whereas a web application audit targets the web servers
and the applications they host specifically. Some companies do not
require a full audit of their systems, only of their web servers,
and this is where the two differ.
Many web applications are vulnerable to attack because
application developers do not consistently employ secure
coding practices. The following attack types can be considered
significant threats:
- Cross Site Scripting (XSS)
- SQL injection flaws
- OS command injections
- Site reconnaissance
- Session hijacking
- Application denial of service
- Malicious probes/crawlers
- Cookie/session tampering
- Path traversal
Online Web applications are increasingly at risk from
professional attackers who target them in order to commit data
theft or fraud. Being compromised can damage an enterprise's
reputation, result in loss of customers and impact the
organisation's bottom line.
In addition, companies that transact online face a host of
growing industry regulations, such as the Payment Card Industry
Data Security Standard (PCI DSS), which mandates that all
enterprise and Web applications handling credit card and account
information must undergo an extensive and costly audit of custom
application code. The alternative for satisfying PCI DSS
compliance is simply installing a Web application firewall.
The combination of these factors, along with the banking
industry's PCI DSS compliance concerns, creates demand for a more
technologically advanced and cost-effective risk protection
solution for online Web applications.
Ideally, every Web application should be tested
to ensure that it will work perfectly on every browser that might
access it. But with the fragmentation of the browser market and
the increasing importance of the very fluid world of mobile platforms,
that's a practical impossibility. Still, you can come closer than
you might think. You can use a wide array of tools for cross-platform
Web testing. Whether you have the resources for a workstation with
several virtualized OSes, or can only run your application through
a hosted service, you have the capacity to see how your application
will work in different user environments—and you owe it to your
users to make it work as well in as many places as you can.