Vulnerabilities in Web applications are the leading threat to network security from external attacks through the Internet. These vulnerabilities allow hackers to bypass firewalls and other perimeter security in order to gain direct access to back-end systems and proprietary data.
Web-based attacks can lead to loss of revenue, devaluation, lower consumer confidence, as well as failure to comply with government and industry mandates. By proactively managing risk, hackers can be prevented from stealing corporate or personal data and bringing down systems.
Spam, spyware, malware and other unwanted agents account for at least a 20% productivity drain in the workplace*, and 75% of attacks are aimed at the application layer**.
Security Cube Web Audit identifies these vulnerabilities and prioritizes the necessary steps for immediate action to lower the cost and risk of online business operations.
Security Cube Web Audit assesses the security and compliance of your corporate website, and scans and tests for common web application vulnerabilities such as those identified by:
o WASC (Web Application Security Consortium)
o OWASP (Open Web Application Security Project)
o SANS (SysAdmin, Audit, Network, Security) Institute's top 20
(including cross site scripting, injection flaws, and buffer overflows.)
Performed using award-winning, market and industry leading software (as cited by IDC and Gartner), Security Cube's Web Audit will identify how to make and keep your web applications secure.
Gain Immediate Returns
Security Cube Web Audit is performed by our web application security specialists. By engaging our services you can save IT resources and leave them to do what they do best: keep your systems running smoothly. Security Cube Web Audit provides a thorough review of all web applications, and a comprehensive report of vulnerabilities and the necessary steps required to address any existing or potential breaches in security. Our audit gives you the flexibility to have your internal resources act on the report, or you can choose to engage our knowledgeable consultants to do the job for you.
To address your compliance requirements, Security Cube Web Audit can over 40 out-of-box compliance reports including:
o Payment Card Industry Data Security Standard (PCI DSS)
o Payment Application Best Practices (PABP)
o Health Insurance Portability and Accountability Act (HIPPA)
o Gramm-Leach Bliley Act (GLBA)
Security in your Software Development Life Cycle
A thorough audit of your new web applications will also ensure that they are secure prior to public release. Security assessments conducted during production are the only assessments that provide real time, continuous knowledge of the security level of your web applications. Security Cube Application Scanning is designed specifically for web application security testing in production environments. Avoid the cost of correcting vulnerabilities early, during pre-production detection, rather than waiting until post-production- or worse, after an attack.
Security Cube Web Audit:
o enables developers to identify programming oversights that result in web security flaws and non-compliance;
o provides a prioritization of issues;
o provides repair recommendations.
Security Cube Web Audit:
• enables developers to identify programming oversights that result in web security flaws and non-compliance;
• provides a prioritization of issues;
• provides repair recommendations.
Web Application Scanning
Because online systems such banking, healthcare, e-commerce, and customer support portals collect extremely sensitive data, internal systems are an increasingly enticing target for opportunistic hackers. Web applications such as Cross-Site Scripting (XSS) are particularly vulnerable, and SQL Injection attacks have made up an increasing percentage of newly discovered vulnerabilities and actual reported intrusions.
Our web audit will assess the security web applications developed by third parties; the underlying operating system, adjacent applications, and databases connected to the web applications - none of which are tested by traditional web application scanners.
Security Cube Web Audit also covers complete vulnerability scanning of:
o the latest Web 2.0 technologies