Web Application Assessments

Our manual web application assessments identify and report on security issues related to online website applications. These are usually coded in php or aspx with MYSQL or MSSQL databases in the backend. Our assessments make use of hands on methods(not tools) and typically we assign one or two security analysts to new engagements.

Telspace Systems always recommends a website assessment prior to the actual release of the website. This will allow the client to close serious issues pre-production - it is always better to be proactive about security, as opposed to reactive.

Different types of testing include:

White Box Testing (Code Review)

When a White Box assessment method is chosen by a client, Telspace Systems reviews each line of code in a specific web application for various security issues and bugs. This is a tedious task but is often necessary to solve any bugs that would not usually be found when utilizing the blackbox method. The White Box assessment usually takes a longer period of time than the Black Box method, however it is usually more extensive and produces better results.

Black Box Testing

A more popular method of testing websites is the Black Box web application assessment. When clients of Telspace Systems choose this option, we do not have access to source code or any information that assists us in finding out exactly how that website is coded. Essentially we do not have access to the way the website is put together and coded. This is a more effective “Hackers” view of the web application and is a shorter test in general.

Telspace systems tests for a variety of issues, some of which include:

Attack Methods

  • SQL injections (various including blind)
  • Username/password Weaknesses
  • Remote/Local file inclusion
  • Remote code execution techniques
  • Token Replaying
  • DOS
  • Defeating remote file upload validation
  • Search Engines
  • XML attacks
  • Business Logic flaws
  • Many more according to OWASP standards

Attacking the client side

  • XSS and CSRF
  • Attacking the actual web client
  • ActiveXploitation and many more

Securing Web Application

  • Code auditing
  • Data Sanitization
  • and many more....

Service Portfolio
click here to download
Company Profile
click here to download