Identify, Manage, and Reduce your Risks

 

Website Security, Website Application Security Audit

Website Security,  Website Audit, Web Application Security Assessment

For many organizations, Web applications are the most vulnerable element of an organization’s IT infrastructure. As your organization uses the Internet for customer, supplier, employee, and vendor interactions, Web technologies and database interfaces become more complex and require additional security.  

Assessment Process

By emulating the approach used by hackers, we check your web site applications for over 35,000 types of vulnerabilities including:

  • Buffer overflow - integer overflow and other programming issues
  • SQL injection vulnerabilities – application layer attacks
  • Cross site scripting - malicious code embedded into a dynamic page
  • Broken links - attacks exploiting links to broken pages
  • Google hacking – site scanning, cgi scanner
  • JavaScript attacks - error checking, calculation areas on pages, and user interaction
  • Authentication - attacks that circumvent or exploit the authentication process
  • Authorization – attacks that exploit user, service, or application permissions
  • Client side attacks – user exploits
  • Information disclosure – version and patch numbers, host information
  • Logical attacks - procedural flow vulnerabilities and logic issues
  • Web server attacks - web server operating system and version errors

Reconnaissance (information gathering)

Altius IT’s website security audit is customized to your specific needs and emulates the approach used by hackers.  We first begin with reconnaissance:

  • Altius IT maps out the web site structure
  • We Inventory all available web site pages
  • Our experts find secure log in areas
  • We identify databases and other areas that contain sensitive information

Exploits

Once reconnaissance is complete, our experts launch a series of vulnerability attacks on each web site page, interfaces to database systems, and internal networks. We analyze each page and document any vulnerabilities identified. 

By customizing our assessments to your unique environment, we help you manage your risks, protect your assets, and identify issues before they result in down time.

Deliverables

Altius IT's deliverables include a report of vulnerabilities identified, recommendations to eliminate risks, and a prioritized risk response action plan.  Please see the Altius IT Roadmap (AIR) for more information.

Certification

Upon completion of our services, Altius IT provides an opinion letter for distribution to your customers, clients, and prospects.  We also provide you with the Altius IT Secure Seal that can be prominently placed on your web site.  This provides peace of mind that sensitive information remains secure.

Representative Clients

Why Altius IT

Today's new and emerging threats, combined with sophisticated network environments, present challenges to IT staff trying to maintain system availability, ensure information confidentiality, and guarantee information integrity. Altius IT is certified by the Information Systems Audit and Control Association as Certified Information Systems Auditors (CISA). Altius IT's experts provide outside, independent assessments that help your staff:

  • Achieve compliance with industry standards
  • Develop strong relationships with your customers
  • Minimize business and IT related risks
  • Enhance information security and asset protection
  • Reduce costs while ensuring information protection

Automated Services Aren't Sufficient

Hackers don’t rely exclusively on automated web site scans and neither should you.  Since web sites need to be accessible by the public, security mechanisms must allow web traffic to communicate with database servers through web applications.

Altius IT uses a combination of manual and automated tools that emulate the approach used by hackers when they attack a web site.

Automated web site scans provide little defense against knowledgeable hackers and full-scale web attacks. Our proprietary approach finds risks that other miss, 100% of the time.

100% Carbon Neutral

Concerned about the environment?  Altius IT is 100% carbon neutral.  We've worked hard to create an environmentally friendly business that meet the needs of our clients. At Altius IT, we pride ourselves on providing best-in-class eco friendly green assessments – saving our client’s money while saving the environment. All because it's the right thing to do for our community, our clients and our business. Discover the Top 10 ways Altius IT adds business value.

 

 


Links: Assessment Overview | Network Audit | Security Audit | Compliance Audit |
| Penetration Assessment | Website Application Security Audit | Website Compliance |
| Security Policies | Security Consulting |

Labels: Website security, web site security, web app audit, web application audit, website audit, web security audit, website vulnerability, web security, online security