Web Application and
Database Assessment

Who Needs Web Application & Database Assessments
For many organizations, Web applications are
the most vulnerable element of an organization’s
IT infrastructure. As your organization uses the
Internet for customer, supplier, employee, and
vendor interactions, Web technologies and
database interfaces become more complex and
require additional security. Web application and database assessments
are ideal for:
- Web sites that interface with database
systems
- Ensuring compliance (HIPAA,
Sarbanes Oxley, etc.)
- Emerging and fast growing firms
- Businesses concerned about security
- Organizations in the financial and
health care industries
- Addressing buffer overflow, SQL injection,
cross-site scripting, JavaScript, and other
programming concerns
Assessment Work Plan
Altius IT’s web application and database assessments are customized
to your specific needs. Our assessments help
your organization manage its risks, prioritize
assets and resources, and identify issues before
they result in downtime.
By following the links on a web site and
reading other files such as robots.txt, we inventory the
available web site pages. Our software maps out
the web site structure and displays detailed
information about each page.
We then emulate a hacker attack by using
automated tools to launch a series of
vulnerability attacks on each web site page. Our
tools analyze each page in an effort to
identify weaknesses.
Altius IT’s assessment tools scan for buffer
overflow, SQL injection, cross site scripting,
Google hacking, authentication risks,
JavaScript, Common Gateway Interface (CGI), PHP,
broken links, authentication hacking, and many
other types of web related vulnerabilities.
Traditional Protection
Since web sites need to be accessible by the
public, security mechanisms must allow web
traffic to communicate with database servers
through web applications. As a result, firewalls
and similar intrusion detection mechanisms
provide little defense against knowledgeable
hackers and full-scale web attacks.
Deliverables
Our deliverables include a report of our
findings, recommendations, and
a prioritized Action Plan. The entire Work Plan
takes from one week to as long as three months,
depending upon the scope. Please see the
Altius IT Roadmap (AIR) for more information.
Certification
Upon completion of our services, Altius IT
provides a certification letter for distribution to
your customers, clients, and prospects. We
also provide you with the
Altius IT Secure Seal that can be prominently
placed on your web site. This provides peace of mind that sensitive information remains secure.
Why Altius IT
We are certified by the Information Systems
Audit and Control Association as Certified
Information Systems Auditors (CISA). Altius IT's experts provide outside,
independent assessments that
help organizations:
- Achieve compliance with industry
standards
- Develop strong relationships with your
customers
- Minimize business and IT related risks
- Reduce costs while ensuring information
protection
