The Internet has become the backbone on which organisations communicate and transact. While this adds convenience, it also makes them vulnerable in many ways. Any breach of security will not only compromise data but also damage the enterprise's reputation and credibility.
Recognising this security risk, the industry has coalesced around the Open Web Application Security Project (OWASP), a robust framework for security and penetration testing services. Indium Software's security testing practice, drawn from OWASP, ensures that the intended functionality is maintained while data is protected.
Indium Software performs security testing throughout the Software Development Life Cycle (SDLC), using a delivery process that ensures errors and faults are detected at an early stage.
Some of the typical web application attacks, and their consequences, that a business faces include:
- Weak authorization
- Poor validation
- Identity theft
- Systems compromise
- Data alteration
- Data destruction
- Unauthorized transactions
- CSRF attacks
- Reputation loss
- Phishing attacks
- Privacy violations
Indium Software's Approach
Indium Software has a set process to ensure that every gap is closed. For this, it follows a step-by-step approach, including:
- Conducting web application security audits of business-critical applications
- Performing vulnerability scanning using testing tools
- Integrating security testing and risk analysis within the application life cycle
- Extensively using open source and commercial testing tools with ready-to-use jump-start kits
- Delivering these services in a catalog pricing model of engagement
Indium Software's Best Practices for Web Security Testing
- Certification of releases and patches as per security standards
- Leveraging the jump-start kits for rapid time-to-market
- Creating a unified process and model for web application security testing and risk modeling
- Creating and upgrading a repository of reusable test artifacts
- Vulnerability scanning and auditing
- Security compliance certification of releases and patches
- A security testing shop floor providing an integrated approach to all application security testing
Security Tools Used and Expertise
Data integrity and safety are critical, especially for financial institutions, given the sensitivity and criticality of their data. Understanding the security needs, performing automated as well as manual security tests to cover varied scenarios, and user acceptance testing all form part of the overall security testing strategy at Indium Software.
Key deliverables that Indium Software has identified and implements include a security test covering penetration testing and enumeration, an interim report with identified threats and analysis, and a deep-dive, comprehensive vulnerability assessment report with observations and remediation.
- Compliance with OWASP guidelines in the relevant areas (XSS, CSRF, SQL injection, privilege escalation, weak encryption, etc.)
- Malware detection
- Extensive checklist
- Source code profiling with respect to security
- Defining security guidelines and processes