Identify, Manage, and Reduce your Risks

 

Web Application and Database Assessment

Who Needs Web Application & Database Assessments

For many organizations, Web applications are the most vulnerable element of the IT infrastructure. As your organization uses the Internet for customer, supplier, employee, and vendor interactions, Web technologies and database interfaces become more complex and require additional security. Web application and database assessments are ideal for:

  • Web sites that interface with database systems
  • Ensuring compliance (HIPAA, Sarbanes Oxley, etc.)
  • Emerging and fast growing firms
  • Businesses concerned about security
  • Organizations in the financial and health care industries
  • Identifying buffer overflow, SQL injection, cross-site scripting, JavaScript, and other programming concerns

Assessment Work Plan

Altius IT’s web application and database assessments are customized to your specific needs. Our assessments help your organization manage its risks, prioritize assets and resources, and identify issues before they result in downtime.

By following the links on a web site, along with other files such as robots.txt, we inventory the available web site pages. Our software maps out the web site structure and displays detailed information about each page.

We then emulate a hacker attack by using automated tools to launch a series of vulnerability attacks on each web site page. Our tools analyze each page in an effort to identify weaknesses.

Altius IT’s assessment tools scan for buffer overflow, SQL injection, cross-site scripting, Google hacking, authentication risks, JavaScript, Common Gateway Interface (CGI), PHP, broken links, authentication hacking, and many other types of web-related vulnerabilities.

Traditional Protection

Since web sites need to be accessible by the public, security mechanisms must allow web traffic to communicate with database servers through web applications. As a result, firewalls and similar intrusion detection mechanisms provide little defense against knowledgeable hackers and full-scale web attacks.

Deliverables

Our deliverables include a report of our findings, recommendations, and a prioritized Action Plan. The entire Work Plan takes from one week to as long as three months, depending upon the scope. Please see the Altius IT Roadmap (AIR) for more information.

Certification

Upon completion of our services, Altius IT provides a certification letter for distribution to your customers, clients, and prospects.  We also provide you with the Altius IT Secure Seal that can be prominently placed on your web site.  This provides peace of mind that sensitive information remains secure.

Why Altius IT

We are certified by the Information Systems Audit and Control Association as Certified Information Systems Auditors (CISA).  Altius IT's experts provide outside, independent assessments that help organizations:

  • Achieve compliance with industry standards
  • Develop strong relationships with their customers
  • Minimize business and IT related risks
  • Reduce costs while ensuring information protection