Information Security

Web Applications Vulnerability Assessment

The information security arena is wide and complex, and each area of expertise requires a lot of experience and considerable effort to stay up to date with technology changes and improvements.

Our security division, called GreenSecurity, is focused on web application security, and our efforts center on the techniques and technologies involved in developing the most secure software possible.

We carry out Web Application Penetration Testing services to examine the risks and vulnerabilities present in your company's web applications. Our services include a complete report on the vulnerabilities identified, the risk level and the appropriate remediation plan.

Our style of work mixes the best of both worlds: we use automatic tools, and we also spend all the time needed on manual review of the possible flaws that cannot be detected by automatic tools.

We focus our work on fingerprinting the pieces of your architecture, such as web servers, programming frameworks, web application firewalls, programming languages, databases, etc., and go beyond the OWASP Top Ten vulnerabilities.

We exploit each vulnerability found to show the associated risks.

The most common vulnerabilities found in this sort of test, as ranked by OWASP, are:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Our reports include Vulnerability Identification, Impact Valuation, References, Exploit Proofs, Remediation Plans and an Executive Summary, as shown in the following samples:

Pentest Report 1

Pentest Report 2

Pentest Report 3

Pentest Report 4

We can follow the stages after the pentest to help your development team remediate the flaws found and adopt secure development practices.

Other areas of security where we offer services are:

  • Cryptography
  • LAN & WAN Penetration Tests
  • Information Security Training