Web Applications

Web applications are an integral part of day-to-day life. We use applications on the Internet to shop, bank, gamble and network with people worldwide, 24 hours a day. Within private Intranets, HR, payroll, trading systems and more are frequently delivered through web-enabled applications.

Web applications deal in sensitive information. They process usernames and passwords, credit card numbers, names and addresses and financial information. If this information falls into the wrong hands or if someone processes a transaction they shouldn’t be able to, it can cause a lot of damage.

Web applications frequently manifest security flaws that enable a skilled attacker to gain access to sensitive data in corporate databases and to advance an attack into internal systems. Attacks against web applications employ well-formed network traffic over standard web services, and so cannot be prevented by firewalls or other traditional network defences.

First Defence can help you to secure your web applications through a combination of pre- or post-deployment services, customised to suit your needs, including web application penetration testing, source code reviews and application architecture assessments.

Through these services, we aim to identify vulnerabilities within the application that could be exploited by attackers. Our highly experienced applications specialists are able to give specific advice regarding application design, functionality, coding techniques and web server configuration, to mitigate the problems identified during our testing.

Web application testing involves validating that sensitive information and transactions processed by the application are secure. We use advanced techniques such as SQL injection, cookie subversion and parameter manipulation, to attempt to gain unauthorised access to application functionality, data and supporting infrastructure.

Source code reviews examine the source code of an application and provide assurance that security controls are implemented correctly. We combine manual code review techniques with commercial source code analysis tools to quickly identify problem areas within the code.