Application Security Assessment

Pure Hacking will analyze the critical components of a Web-based portal, e-commerce application, or Web platform.

Using manual techniques and hundreds of appropriate tools, the assessment pinpoints specific vulnerabilities and identifies underlying problems. The analysis integrates detailed vulnerability and countermeasure information for:

  • authentication
  • authorization
  • session management
  • data integrity
  • data confidentiality
  • privacy concerns

Pure Hacking provides comprehensive reviews for:

  • Fundamental Design Security
  • HTML Source Management
  • General Input Validation
  • SQL Injection
  • Cross Site Scripting
  • Token Analysis (Cookies, Custom Session IDs, etc.)
  • Session Security (Authentication and Authorization)

The most common application-layer vulnerabilities are:

Attack                  Percent vulnerable
Cross-site scripting    80%
SQL injection           62%
URL manipulation        60%
Cookie poisoning        37%
Database server         33%
Web server              23%
Buffer overflow         19%

 
If you are the:

  • Chief developer in an IT organization about to roll out company-wide software.
  • Chief engineer, product manager or release manager in a software development project and you need to know if your software is safe.
  • IT manager who wants to assess the security vulnerability of your organization.
  • Government agency or military agency charged with deployment of a significant application.


Could this happen to your application?

You have discovered that a hacker has stolen $20 from your business via a custom application and left $5 as a demonstration of skill. You contact the hacker, as he has a user account. He demands a ransom to be paid in 3 days, otherwise he will cripple your business. You try to fix the holes, and the hacker steals $10,000 on day 2 to teach you a lesson. You have over 50,000 customers. The hacker is in Russia, your infrastructure is in Northern Europe, and the operations are managed from the Asia Pacific Region. What do you do?

A new Pure Hacking client - call made at 4pm Friday 25th October 2002.

What Pure Hacking did for this client before the deadline:

  • Assessed the underlying infrastructure.
  • Performed a code review of every input field for the application.
  • Identified previously known and new vulnerabilities.
  • Supported the client through the extortion attempt.
  • Stopped the hacker in his tracks.
  • Forwarded the details on to the relevant authorities.
  • All before the deadline imposed by the hacker.
  • The business continues to operate to this day in a safe manner.

This example was for a financial institution. Even more damaging to a corporation would be the theft of client details and the subsequent publishing of those details.




Finance
"We initially engaged Pure Hacking to conduct a number of tests in accordance with a set of objectives. Their approach and execution were highly commendable and all objectives were met or exceeded. Based on the experience we had no hesitation in re-engaging Pure Hacking on another assignment. In the area of internet security, I would highly recommend Pure Hacking for a penetration test."

IT Security Manager, International Financial Institution