Security Testing Options

security image
Application Security Engineer security image
security image Application Security Assessment
One off
Ongoing

Application Security Assessments

One Off Application Security Assessment

Ideal for both existing applications and for applications ready to be put into production, StarBase will assess the security status of your web application and provide a comprehensive, prioritised, assessment report detailing any security defects found.

Using our advanced technology toolset (HP WebInspect, part of the HP ASC suite) we can report your application’s compliance against major laws, regulations and best practices, including Payment Card Industry (PCI) Data Security Standard (DSS), Open Web Application Security Project (OWASP) Top 10, Sarbanes-Oxley Act (SOX) and UK Data Protection Act.

Once your application is remediated StarBase will re-assess it and let you know if the security defects are now removed.


Ongoing Application Security Assessment

Once your web application is deployed StarBase will assess its security status on a regular basis:

  • Changes to web applications create risk, and what once was secure can become vulnerable. If security is a one-time activity, a vulnerability that enters the system after the audit can go undetected.

  • The Test and Go Ongoing Application Security Assessments will highlight these new security defects

  • New security vulnerabilities are discovered all time, and hackers can exploit these in systems previously considered secure.

  • The HP Security Research Team publish updates to ASC and can make new capabilities available within 24 hours of initial discovery.

  • The Test and Go Ongoing Application Security Assessments will highlight if your application suffers these newly discovered security defects

Various packages are available for Ongoing Assessments, with prices depending on the number and complexity of web applications and frequency of assessment.

Interested in an Application Security Assessment, get a quote.

Application Security Engineer

If you know exactly what you want and just need a “man” and a "tool" to do it then our all inclusive Application Security Engineer solution is for you: experienced performance engineer, enterprise class tool, day by day provision and immediate availability.

A single fixed fee gets you a skilled application security engineer and HP WebInspect for the day.

Interested in an Application Security Engineer, get a quote .

Want to know if the Performance Engineer is the right choice for your, follow our performance test type selector.

What We Check For

Our assessment technology includes pre-built security policies for more than 20 laws, regulations and best practices and checks for the following vulnerabilities:

Data injection and manipulation attacks

  • Reflected cross-site scripting (XSS)

  • Persistent cross-site scripting (XSS)

  • Cross-site request forgery

  • SQL injection

  • Blind SQL injection

  • Buffer overflows

  • Integer overflows

  • Log injection

  • Remote File Include (RFI) injection

  • Server Side Include (SSI) injection

  • Operating system command injection

  • Local File Include (LFI)

Sessions and authentication

  • Session strength

  • Authentication attacks

  • Insufficient authentication

  • Insufficient session expiration

Server and general HTTP

  • Secure Sockets Layer (SSL) certificate issues

  • SSL protocols

  • SSL ciphers

  • Server misconfiguration

  • Directory indexing and enumeration

  • Denial of Service (DoS)

  • HTTP response splitting

  • Encoding attacks

  • Windows 8.3 file name

  • DOS device handle DoS

  • Canonicalization attacks

  • URL redirection attacks

  • Password autocomplete

  • Cookie security

  • Custom fuzzing

  • Path manipulation—traversal

  • Path truncation

  • Ajax auditing

  • WebDAV auditing

  • Web services auditing

  • File enumeration

  • Information disclosure

  • Directory and path traversal

  • Spam gateway detection

  • Brute force authentication attacks

  • Known application and platform vulnerabilities

Our reporting addresses the following best practices and legal regulatory initiatives:

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Federal Information Security Management Act (FISMA)

  • North America Electric Reliability Council (NERC)

  • Safe Harbor

  • Payment Card Industry (PCI) Data Security Policy

  • UK Data Protection Act

  • Basel II

  • ISO 17799

  • OWASP top 10

  • California SB1386

  • Gramm-Leach Bliley Act (GLBA)

  • Sarbanes-Oxley Act, Section 404

  • 21CFR11

  • NIST 800-53

  • Director of Central Intelligence Directive 6/3 (DCID)

  • California Online Privacy Protection Act

  • Children’s Online Privacy Protection Act (COPPA)

  • Japan Personal Information Protection Act (JPIPA)

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

Print this page

 

          Newsletter

Name:
Email: