Web Security

Website security assessment and penetration testing

The goal of security assessment is to identify and resolve vulnerabilities and weaknesses in the design and implementation of a given website. The process is almost mandatory for any commercial site, but it can also be used by any organization or individual that wants to improve security awareness and protect valuable digital assets from disclosure, theft or loss.

The most common types of security assessment are:

  • External testing. This testing is focused on the infrastructure of the target system (hardware, operating system, network configuration, etc.) from an outsider's perspective. Publicly available information is also evaluated and the implications are assessed.
  • Internal testing. It uses techniques similar to those of external testing, but as the tests are performed inside the perimeter of the target system, a more comprehensive view of the current security state can be provided.
  • Application security assessment. The purpose of this process is to identify weaknesses that make an application vulnerable to attack and eliminate security holes (either by design or configuration) as early as possible.
  • Social engineering assessment. This type of assessment addresses a non-technical kind of intrusion that relies heavily on human interaction and involves tricking other people into breaking normal security procedures.

We can help you evaluate your security measures and prevent unauthorized access before it's too late.

How we do the security assessment

We have developed a methodology that allows us to evaluate security threats and identify appropriate countermeasures across ALL levels and tiers of the target system. We conduct both "black-box" and "white-box" testing and we provide specific recommendations that will make your system more secure and hack-resilient. Our assessment covers the following crucial components (if present):
  • Network
  • Web server
  • Application server
  • Database server

We can also provide code review and audit services. The combined results of our assessments are delivered in a comprehensive report prepared for both technical and non-technical audiences.