
Application Audit


All organizations are constantly looking to optimize workflows, information management and processes. Modern applications are replacing legacy workflows and optimizing how information is stored and accessed. Because of the sensitivity of the data stored and accessed through applications, it is extremely important to understand whether an application is secure.

Virus Rescuers can assist in identifying security issues in applications by performing an application audit.

An application audit can consist of a number of procedures, the purpose of which is to identify potential security issues in the application. Any identified issues will be covered in a comprehensive audit report, which the client can use to address security issues either through internal development or in communication with external application developers.

Our audits can cover such areas as:

Exploitation and Vulnerability Assessment

Programmatic security suffers from vulnerable algorithmic logic or a failure to follow secure coding standards. Attacks that exploit the platform's vulnerabilities are a different matter: this class of attacks works regardless of coding practices, since it exploits the hosting platform rather than the code itself.

Authentication Analysis

Authentication methods have long been identified and developed into ready-made components or modules, allowing developers to equip their applications with privilege-granting and identification capabilities. However, the intricate workings of those methods are very well known to malicious cyber groups, and well-documented instructions on how to defeat those mechanisms are publicly available among those groups. The auditor will identify weak authentication implementations during this phase. All findings will be reported along with their countermeasures.

Application Authorization

Application authorization is the component most commonly implemented incorrectly in application programming. Authorization can be hijacked, tampered with and enumerated, all of which would allow an anonymous user to escalate their access level to administrative access. Our auditor(s) will document and report the necessary recommendations for countering such attacks.

Input Validation and Coding Best Practices

Exploitation and penetration reveal known vulnerabilities of a system. But in order to protect against zero-day risks, standards for input handling must be put into practice. The auditor will focus mainly on studying how the code handles inputs throughout the application and on recommending other controls that should be put into practice.

Database Targeting Attacks

The auditor will attempt to execute various attacks by exploiting database vulnerabilities during this phase. Database vulnerabilities are usually the most dangerous, because by penetrating such security weaknesses the attacker can bypass all security measures and execute the desired malicious code. Database attacks can be tunnelled through the application layer, which makes them not only dangerous but also easily accessible.

XML Targeting Attacks

XML is one of the fastest-growing programmable technologies and is getting vast support from many browsers and other gadget-based applications. If XML is not well implemented, an attacker can manipulate XML entities in order to perform cross-site scripting attacks and other malicious activity.

Attacking the Application Management Console

In this phase, the auditor will focus on attacking various application management technologies such as remote desktop, SSH, content management systems and checking for other admin misconfigurations.

Web Client Cross Browser Attacks

The auditor will check for the possibility of hacking other users of the same system through cross-browser attacks. Server countermeasures, as well as browser countermeasures that can be enforced via Active Directory, will be reported.

Kaspersky Lab

Kaspersky Lab develop, produce and distribute information security solutions that protect our customers from IT threats and allow enterprises to manage risk.

McAfee Anti-virus

McAfee for Consumers delivers world-class retail and online solutions designed to secure, protect, and optimize the computers of consumers and home office users.

ESET Anti-virus

ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely

Sophos Endpoint

A single, automated console for Windows, Mac, UNIX, Linux and virtualized platforms. A single endpoint agent for Windows that detects viruses, spyware and adware, rootkits and suspicious files and behavior.

Symantec Endpoint

Powered by Insight, Endpoint Protection is the fastest, most powerful endpoint antivirus software solution you can buy for both virtual and physical systems.

Webroot

Webroot® SecureAnywhere™ Business - Endpoint Protection offers a revolutionary approach to endpoint malware protection.

Trend Micro's

Kaspersky Lab develop, produce and distribute information security solutions that protect our customers from IT threats and allow enterprises to manage risk.
