Security Testing
33% of UK businesses and 66% of large businesses had at least one serious security breach in the last year (source DTI Security Survey 2004).
The growing importance of web based e-commerce systems to businesses has not been matched by the recognition of the importance of security.
Penetration Testing that addresses the security of the network layer is widely utilised and well understood in the Testing marketplace. Less well understood is the growing menace of hacking by using web applications. Why hack the difficult and well-defended application layers when you can join and get a password that gets you full access?
SQS offers both penetration and web based security testing to offer complete Brand Protection.
Brand Protection Web Application Testing
According to a recent Gartner report on security issues, 70% of all hacking attacks now occur at the application level. Recent interest and developments in security and hardening of the Network Layer have made it increasingly difficult for hackers to penetrate at this layer. Firewall Systems, SSL Encryption, IDS Systems, Strong Authentication and other implementations have made it so hard for hackers that other routes have become attack routes of choice.
Web-based applications have fundamentally changed the risks associated with traditional client-server applications as hackers can now see all the parameters used in server-side code - enabling them to bypass client-side validations.
This can result in hackers obtaining full control and access to information, modifying the content of the pages, hijacking transactions leading to privacy breaches and e-shoplifting - or even deleting or making the site totally unavailable.
SQS-Brand Protection can be booked with 24 hours notice on the subscription service or 72 hours as a one-off test. The service covers ALL the possible application based security problems. No capital expenditure is required and no purchase of software is needed. The automated approach of SQS-Brand Protection generates a large volume of test cases (as many as 100,000 for a complex application) and then applies them. Results are available immediately. The test cases are stored and form a considerable test asset. Re-test after further development is therefore very simple.
Deliverables
- Web Application Testing delivered 24/7 on demand
- Subscription or On-Demand service as required
- User defined templates of areas of application to be tested
- User control of testing requirements with zero software and hardware costs
- User modification or creation of test templates at any time
- Significant test asset delivered to client for future use
- Detailed report with complete list of vulnerabilities and suggested remedial actions for each vulnerability
More information for Brand Protection web application testing can be found here.
Penetration Testing
Our partner Netcraft has been providing quality Internet security services since 1996 to leading financial institutions and e-Commerce sites worldwide. These services include vulnerability scanning (using Netcraft's own scanning tools and vulnerability database), penetration testing and application security reviews. Combined with SQS's services they provide first-class security testing offerings.
Netcraft's e-Commerce analysis is an in-depth penetration test performed by an expert. Its aim is to establish a security baseline
- Eliminating configuration errors
- Finding loopholes in server code or scripts
- Providing advice on data that could have been exposed due to past errors
- Ensuring that the network is secure against known vulnerabilities
- Reducing risk and enticement to attack
- Advising on fixes and future security plans
The SQS Network Examination also provides:
- Automated security auditing of Internet-connected networks
- Methodical examination of the ports on all of the hosts on your network, as seen from the Internet
- Tests for common misconfigurations and security weaknesses in the services being offered
- New vulnerability tests added daily
- Repeated on a weekly or monthly basis
Download the Brand Protection