- Are your web servers vulnerable to attack?
- Could an attacker obtain credit card or other information from your back end server?
- Could your web server be used as an entrance point to get deeper into your network?
We analyse the security of your web servers and their applications using a combination
of industry standards, our own best practice and BS 7799 / ISO 27001. The report we produce - tailored to your
organisation - will inform you of the vulnerabilities and the solutions, so you can address these
before the "real" hackers do.
Below are our services in this area:
|
 |
Web Server Penetration Testing:
Is your web server hosting vulnerabilities? This service is aimed at firewalls which protect
web services and at the web servers themselves. In addition to the tests mentioned on the
Internet Penetration Testing page, we also attempt web server identification, scan for
secure web services and attempt manual exploits against your web servers (URL crafting, authentication exploits, etc.).
In addition, we offer the facility (at a reduced rate) for our testing partners, Ascure in
Belgium, to conduct tests alongside ours in order to complement and cross-verify the testing, and thus give you an
in-depth appraisal of your web site.
|
|
E-commerce and Web Application Testing:
Web application security is often the most vulnerable element of a web site and one that can
easily be manipulated to cause damage to a company's most sensitive information. Based on our
Web Server Penetration Testing service outlined above, this service adds a detailed security
review of your web applications. The tests include automated application exploits and web
server vulnerability scanning, as well as manual application exploits (URL crafting,
authentication exploits, etc.). Using WebInspect
web vulnerability testing software, we scan web applications for known and unknown security vulnerabilities.
In addition, we offer the facility (at a reduced rate) for our testing partners, Ascure in
Belgium, to conduct tests alongside ours in order to complement and cross-verify the testing, and thus give you an
in-depth appraisal of your web site.
|
|
Extranet Penetration Testing:
Who's playing on your extranet? This service is aimed at firewalls which protect extranet
services and at the extranet web servers themselves. In addition to the tests mentioned under
Internet Connection Penetration Testing, we also attempt web server identification, scan for
secure web services and attempt manual exploits against your web servers (URL crafting,
authentication exploits, etc.). We attempt unauthorised access to your extranet servers and also
confirm the scope of access for authorised users.
|
| Want more information? |
- Phone Andy on +44 (0)1273 45 45 25
- Click Here to download a leaflet about this service
- Click Here to download our overview brochure
- Click here to use our contact form
|
|
