More than 70% of websites and data processing systems are assailable and the 75% of these Internet vulnerabilities lies in the Web Application Layer (Gartner). As a consequence, this statement poses to every industry two main problems: the security problem in general, and then, the vulnerability detecting process in the infrastructures IT.
Engarm security offer, consists in using automatic tools able to detect the technologic vulnerabilities that may be present in the IT infrastructure. The penetration tests, done by highly skilled staff, let verify the security of web applications against the ten most critic risks (OWASP Top 10) in particular:
- A1-Injection
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards
About 90% of the security incidents caused by application vulnerabilities, is created by the vulnerabilities present in the OWASP Top 10.
There are three execution modes:
- External analysis: the penetration test is performed from the external than the web to be analyzed, and in this way a real informatics attack is simulated: it is driven by an attacker which is connected to systems through internet exposed;
- Internal analysis: the penetration test is performed inside the web to be checked , and a real informatics attack is simulated: it is done by an attacker which can already access the internal net;
- Complete analysis: it consists in both of them.
For further information engarm@engarm.it
