The Payment Card Industry's Data Security Standard requires that organizations perform a Web Application Code Review or install a Web Application Firewall as of June 30!
As applications become more dynamic and user friendly, the number of vulnerabilities left open by developers increases. SecureState has found that more than 90 percent of attacks are coming through the application layer, raising awareness among not only security professionals but also professional hackers.
Some industry regulations are even making application security mandatory. The Payment Card Industry’s Data Security Standards make it mandatory that companies perform custom code reviews and/or install a web application firewall.
Why we're the best:
- SecureState employs only the most highly skilled professionals in security to test your application
- We hire former developers who have a full understanding of how applications are coded and designed to give you the most thorough test
- SecureState is the chapter president for the Open Web Application Security Project (OWASP)
- SecureState's high success rate ensures that your organization gets the most accurate report of vulnerabilities and the level of risk to your organization that each of those vulnerabilities carries
SecureState offers three web application security tests: Black Box, Grey Box and White Box.

Black Box What we do: (70% Automated - 30% Manual)
1. Vulnerability Scans with Commercial Scanning Tools
SecureState's consultants will run the top commercial application scanning tool on the market to identify any known vulnerabilities to the application.
2. Manual Validation of Findings
SecureState's consultants will manually test the vulnerabilities discovered to determine if they are real vulnerabilities and remove the false positives.
3. Potential Exploitation of Vulnerability
Upon removing the false positives, SecureState's consultants will manually test the potential risk that those vulnerabilities carry and identify their potential for exploitation.
4. Retest of High Findings (30 Days)
At no extra charge, SecureState's consultants will retest the vulnerabilities discovered during the penetration test to be sure that the vulnerabilities, as well as the risk associated with them, were mitigated.
White Box What we do: (Code Review)
1. Run Automated Analysis Tool
SecureState's consultants will run the top automated code analysis tool on the market to sift through thousands of lines of code and identify vulnerabilities. This cuts down on the time and cost it takes to manually review each line of code.
2. Manual Code Review
SecureState's consultants will manually review certain high-risk sections of your web application, as well as those areas identified as vulnerable by the analysis tool, to be sure that the tool did not miss anything and that the vulnerabilities found are not false positives.
3. Validate Findings
SecureState's consultants will then validate the findings by testing each vulnerability discovered in the code review.
Grey Box What we do: (70% Manual - 30% Automated)
- SecureState's consultants perform the activities in the same way as a black box test; however, with this test they are given user credentials. This allows SecureState's consultants to test the business logic of the application. It demonstrates due diligence in testing your application and fulfills the custom code review requirement in Payment Card Industry (PCI) Data Security Standards (DSS).
What you get:
1. MyState Portal
For 60 days, you will have full access to SecureState's secure MyState portal. This portal will provide up-to-the-second findings, as well as mitigation support throughout your SecureState experience.
2. Final Report (Exec Summary / Walk Through)
Upon completion of the penetration tests, SecureState's consultants will meet your security and executive team to walk through our findings. We will also present a detailed road map to fix any vulnerabilities found.
3. OWASP Mapping
SecureState's consultants will provide a map of your web application to the Open Web Application Security Project's Top Ten to demonstrate the risk that your web application carries.
4. Matrix of Findings
5. Mitigation Assistance