JA slide show
 

Security Testing

Print
 
Security testing is becoming increasingly vital for organisations due to number of applications that can be accessed via the internet and the amount of sensitive data they hold. If you don’t find and fix your systems vulnerabilities then the results can be both financially and legally catastrophic.

It has also been proven that around 80% of all security breaches now happen at the application layer. It is therefore no longer acceptable to leave the responsibility for your application security to your infrastructure or networks team.
 
Security Testing is performed to ensure that the application behaves as expected in terms of protecting data and dealing with malicious users.   It can involve activities such as ensuring access is restricted to authorised users only, authenticating that a message has originated from a trusted source and that it hasn’t been intercepted and modified by a third-party en-route, and much more.

Security Testing generally takes advantage of automated security test tools as, if configured properly, they are able to execute tests in a fraction of the time it would take to perform those tests manually, whilst still providing an excellent level of confidence.  However, automated security tests shouldn't be the only tests carried out on the application as automated tools will only be able to capture predefined types of vulnerabilities.  Privileges elevation, authentication weaknesses, weaknesses in token generation and to a lesser degree SQL injection attacks are among type of tests which an automated tool is not capable of performing.

Testhouse can help by providing a comprehensive package of security tests that will identify the areas of vulnerability within your systems, networks and security procedures. We employ experts that can help provide confidence in the security of your system by performing the following:
  • Application security testing (database, web application) including white-box and black-box testing
  • Code level security testing
  • Privileges elevation testing
  • Authentication and authorisation testing
  • SQL injections
  • Software path level auditing
  • Network hardware configuration auditing
To date, Testhouse has performed Security Testing for various organisations in a number of sectors, including finance and media.   In addition to manual security testing we also have experience  in a number of automated security testing tools such as Microsoft Baseline Security Analyser, HP Security Center, IBM Rational AppScan, Nessus and others.
 

Accolades And Partners

dlbc_bus_year_2008.gif