Any commercial Internet Web site reflects the organization’s marketing message and often provides a day to day operational tool to manage customers (ecommerce, customer care etc.) and partners.
Internal Web applications are in most cases critical for the organization’s on-going operations. Any damage to these Web applications or to the data they hold is immediately translated to a severe business impact.
This test is even more important as a proactive defense measure for dynamic Web sites due to their use of databases which allow the site to remain updated and relevant to the users.
The test objectives are to identify and recommend mitigation of exposures such as: defacement, malicious code insertion, data theft (credit cards, client information etc.). Web site based on JavaScript, .NET, J2EE, Macromedia Flash, ASP and AJAX are searched to identify exposures used by hackers such as: Parameter Injection, Command Execution, SQL Injection, Cross-Site Scripting, Feed Injection, Brute Force Authentication etc. using a combination of advanced software tools and manual penetration methods in a non-intrusive and focused process.
It is highly recommended to include this test during the pre-launch QA phase of the Web site. Our complimentary IPVCybertech© service is designed to monitor the Web site exposure in a continuous mode.
