Web Application Security Services free ppt

1
WEB APPLICATION SECURITY

• Description
• VELEVATE assist our esteemed customers examine
  your website pages, applications and web servers
  to find security weaknesses and vulnerabilities
  that would not give external threats an
  opportunity to damage your business.
• VELEVATE Web Security Assessment and Auditing
  Services team with web application security
  testing, vulnerability management and
  configuration assessment identifies and helps
  remediate critical web application security
  threats for all OWASP Top 10 web application
  vulnerabilities,SANS Top-20 security risks as
  well as various client-side vulnerabilitiesas
  follows

2
(No Transcript)
3
Reconnaissance

• This involves gathering as much information as
  possible about the selected application this is
  achieved by discovering publicly available
  information by utilizing a web browser and/or
  visiting newsgroups, search engines, web
  resources etc. (in case of information being
  publicly available).

4
Enumeration

• This would involve detailing of the target,
  including but not limited to
• Application Fingerprinting
• Application Fingerprinting
• Enumeration of different types of application
  pages such as ASP or JSP
• Detecting existing countermeasures against common
  attacks such as automated form submissions
• Spidering the website. Identify any suspicious
  pages or pages with large attack surface
• Banner-grabbing
• Ports and services on the webserver
• Weakness Identification
• Automated scanners are utilized to detect
  vulnerabilities, these tools are further trained
  using macros and policies are optimized for most
  optimum scan coverage.
• In addition to tools, an exhaustive list of
  manual test-cases is utilized to detect
  vulnerabilities ensuring holistic coverage.
  Issues like stored XSS, privilege escalations,
  malicious file uploads etc. that are not detected
  by automated scanners are identified.
• Best-in-class automated scanners along with
  manual test cases ensure a thorough coverage
  including but not limited to OWASP top 10 and
  SANS top 25.
• Manual verification of the vulnerabilities
  detected by automated tools is performed to
  eliminate false positive from the observations.
  All possible attack and entry points are
  determined in this phase.
• Immediate notification is raised for high risk
  vulnerabilities
• Exploitation
• Exploitation of vulnerabilities detected in
  earlier phases is carried out using exploitation
  frameworks and scripts, taking a deep dive
  approach to penetrate as deep as possible.
  Research is conducted on underlying technologies
  and infrastructure for known vulnerabilities and
  exploits that are available in the public domain.
• For production applications, penetration testing
  is done in a safe mode where payloads are
  deployed to demonstrate exploitability of
  vulnerabilities, without actually compromising
  systems/sensitive data.
• Human intelligence is applied to exploit
  scenarios that are not comprehended by tools
  these could be specific business/functional
  logics built into the application or exploit
  instances that require bypassing processes by
  techniques like social engineering.

5
Our Tools
6
Our Advantages

• VELEVATE help you fix web application security
  issues with complete website security testing,
  the fastest assessment and reporting, detailed
  instructions for the correction of
  vulnerabilities and access to our security
  professionals for assistance. We help
• Discover how vulnerabilities become real risks as
  we test the defences of your network, using the
  same methods as an outside attacker.
• Our penetration testing software gives you a
  clear view as to what vulnerabilities can easily
  be exploited within your environment so you can
  focus on the most critical vulnerabilities.
• Safely simulate attacks on your network to
  uncover pressing security issues.
• Verify your defences, security controls and
  mitigation efforts.
• Manage phishing exposure, and audit web
  applications.
• Determine which vulnerabilities should be patched
  and in which cases it makes more sense to look at
  compensating controls such as web application
  security firewalls.
• Send detailed remediation reports to your IT and
  web development team so they can quickly and
  easily resolve the issues.
• Work closely with developers to fix the
  root-cause issue, you can make continuous
  progress in reducing the threat level over time
  and eliminating the need for constant patching.
• Set up mitigating controls for vulnerabilities,
  misconfigurations and threats related to malware.
• Act on prioritized and exploitable
  vulnerabilities with practical remediation and
  mitigation advice
• Take the right actions quickly, meeting critical
  turn-around commitments as part of your SLAs.
• Gain creditability with stakeholder teams by
  delivering reports that are relevant, concise and
  actionable.

7
About VElevate

• VElevate was founded with the sole idea to fuel
  businesses in need for a strategic boost in
  market reach by providing you a secure digital
  presence, online applications and infrastructure
  development. Our service involves the best in the
  industry web mobile app development, digital
  marketing, Security of web and application and
  infrastructure design implementation.
• We believe in providing an uncompromised service
  experience with unparalleled commitment.