What is Web Application Vulnerability Scanning?
Web application vulnerability scanning provides frequent semi-automated testing of websites and web applications to identify common vulnerabilities on an ongoing basis. The applications and websites scanned are also benchmarked against the OWASP Top 10 and PCI requirements for application security.
The web application vulnerability scanning service is a cost-effective method of performing regular (typically monthly or quarterly) security tests. Tests combine automated security scans with manual verification of findings by a Security Test Engineer.
Web application vulnerability scanning provides security assurance against the majority of threats faced by web applications, but it is not as exhaustive as web application security testing or security source code review.
Web application vulnerability scanning is recommended for:
- PCI and HIPAA related websites and web applications
- eCommerce and financial related websites and web applications
- Websites and web applications classified as high or medium with respect to business criticality
Overview of our service
Once websites and applications are enrolled for web application vulnerability scanning, we obtain the URLs to be tested, the scheduled times for testing, and the credentials for the sites (if applicable). Once the setup is completed, the application-level vulnerability scanning is conducted using leading commercial application scanners.
The outputs of the vulnerability scanners are manually verified to remove any false positives. Additionally, a set of manual tests and checks is performed in areas where application scanners are unsuitable or less effective. Detailed reports with vulnerability details, ease of exploitation, impact, vulnerability rating, solutions and fixes are provided. The reports also include benchmarking against the OWASP Top 10 and PCI requirements.
Key service attributes
- Automated web application vulnerability scanning
- Manual verification of vulnerabilities
- Manual security tests to complement automated scanning
- Periodic scanning & reporting – typically monthly or quarterly
- Access to reports via ClientConnect portal
- On-demand scheduling via ClientConnect portal
- Detailed vulnerability reporting
- Removal of false positive findings
- Clear recommendations and fixes
- Cost-effective solution for regular testing requirements
What you receive
The results of the tests are presented logically and clearly and are provided through an online secure portal (also downloadable as a PDF). The test report includes the following details:

- Executive summary
- Detailed vulnerabilities
- Detailed steps
- Solution
- Further reading
- Observations
- Title
- Description
- Solution
- Interpreting risk ratings
The reports provide a view of the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and concise solutions are included to help you quickly eliminate all vulnerabilities found.
What to do next
Contact us on 0844 488 0963, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.