Software Testing India
Organizations in India are hosting their mission-critical services over the internet, with a lot of sensitive data being exchanged across systems and users. The security of web applications is thus becoming increasingly important at the application, server and database levels.
We have extensive experience in security testing of n-tier web applications across diverse industry verticals and technologies. Our security testing service adopts a Threat Model Analysis (TMA) approach, covering a review of the application architecture and design; identification of risks, assets and threats; code scanning and reviews; and penetration testing and vulnerability assessment. Our experts specialize in testing the authentication, authorization and access control of web applications and services, using all major commercial and open-source security and privacy testing tools.
We have performed TMA on multiple engagements spanning .NET and Java technologies, typically covering the threats listed below:
Using poor input validation that leads to cross-site scripting (XSS), SQL injection and buffer overflow attacks
Passing authentication credentials or authentication cookies over unencrypted network links, which can lead to credential capture or session hijacking
Using weak password and account policies, which can lead to unauthorized access
Failing to secure the configuration management aspects of your application, including administration interfaces
Storing configuration secrets, such as connection strings and service account credentials, in clear text
Using over-privileged process and service accounts
Using insecure data access coding techniques, which can increase the threat posed by SQL injection
Using weak or custom encryption and failing to adequately secure encryption keys
Relying on the integrity of parameters that are passed from the web browser, for example, form fields, query strings, cookie data and HTTP headers
Using insecure exception handling, which can lead to denial-of-service attacks and the disclosure of system-level details that are useful to an attacker
Doing inadequate auditing and logging, which can lead to repudiation threats
We focus on the OWASP Top 10 vulnerabilities in our security testing engagements.