Having a website security check is vital, since websites now play a huge role in attracting clients to your business, and potential customers want to feel safe while browsing or buying online. This service stamps your website with a ‘website security tested’ badge that allows clients to feel secure and at the same time helps boost sales online.

Dotsquares Web Application Security Testing service is an Internet security audit, performed by experienced security professionals. The service is designed to rigorously push the defences of Internet networks and applications. It is suitable for commissioning, third party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.

This service provides a full website security audit that will test the entire website using a variety of attack methods, ranging from MySQL attacks to DNS poisoning attacks. The application security audit is a simulated, realistic hacker attack on an application and its associated front- and back-end systems. During the available testing time, all security vulnerabilities are systematically searched for. Much of the work is done manually and the testers put themselves in the role of a hacker. Our security consultants employ the latest methods and tricks that are also utilized by «real» hackers and crackers.

 

Besides the usual techniques, the following types of tests are used in an application security audit, if required:

  • Code Review
  • Reverse Engineering
  • API Monitoring
  • Network Sniffing & Packet Analysis
  • Injection Tests

The client defines how much information should be shared with both parties (tester and administrators/users of the systems in scope):

  • White Box: The testers obtain all information of the systems to be audited in detail. Administrators/users are informed before the audit. The objective is to simulate an attack with insider information.
  • Black Box: The testers do not have knowledge about the systems to be tested prior to the audit. Administrators/users are informed before the test. The objective is to assess the vulnerabilities and to exploit them.
  • Grey Box: The testers obtain partial information of the systems. Administrators/users are informed before the audit. This approach speeds up the audit by avoiding wasting precious project time.
  • Blind: The administrators and users of the audited systems are unaware of the security audit. The objective is to test the response of the security team.
  • Double Blind: The testers do not have knowledge about the systems to be tested prior to the audit. The administrators and users of the tested systems are unaware of the security audit. This is the most realistic approach.
