The service is designed to rigorously push the defences of Internet networks and applications. It is suitable for commissioning, third party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.
A final written report provides an analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving the security of the service under test.
Web Application Testing / Internet Security Audit Service covers:
- Configuration Errors
- Source Code Reviews
- Application holes in server software and/or code
- Testing for Vulnerabilities
- Reducing attack risk and / or discouraging attack through server hardening techniques
- Advice on patching and on-going security
Examples of the issues that the Web Application Test / Internet Security Audit would discover are as follows:
- Back doors / Trojans
- Cross Site Scripting Vulnerabilities
- Broken Access Control Lists / Poor Password Security
- Weak Session Management and Control
- Buffer Underflows and Overflows
- Aggressive Browsing
- CGI-BIN exploits
- Form/hidden form field exploits
- Injection (SQL, Web, etc)
- Insecure cryptography
- Cookie poisoning
- Risk reduction (down to zero (0) day exploits)
- Server configuration issues
- Superfluous access issues
- Platform vulnerabilities
- Errors with potential for leaking sensitive information
- and more
The duration of the test depends on the size and complexity of the test-bed; however, I can be very flexible and accommodate your requirements (although I am unable to walk on water ;)). On average, a complete test will take approximately five (5) days. That is broken up as three (3) days of actual testing and analysis and two (2) days writing up the report.
Pricing for this service is negotiable, and you should really contact me to find out, as each project is priced based on its size and complexity, and the level of testing / analysis required.
Please contact me via email at secsvr[at]oss4eva.com or by telephone on either +44 203 002 3800 or +44 780 976 9286, and we can discuss this in more depth and come to a personalized quote and schedule for your establishment.


