Our Website Security Assessment is designed to meet best practices for application security. All industry regulations such as PCI Audit requirements for Websites, HIPAA Security and Red Flag requires this type of security. An assessment looks at the source code, the infrastructure, the operating systems and the application functionality. There are many areas of weaknesses that have to be addressed both from a technical and nontechnical approach.

We review your current website usage, goals for developing new functions, whether in-house or off the shelf and develop a security strategy to meet changing requirements. An analysis of what information you plan to collect, use and store using your website is conducted, review requirements to access information and what controls should be in place over data protection.

All Website Security Assessments will involve but not limited to the following methodologies:

Analysis of data access requirements

Source code analysis

Source sifting

Site design

File system traversal

Input validation

Transport mechanism

Business Logic, Functional Specification & Implementation

Authentication

Access Control & Authorization

Session Management

Error Condition Handling & Exception Management

Data Confidentiality

Analysis of tools needed to ensure secure code development

Analyze training regime for secure application development

Understand the business requirements of the applications

Develop a threat analysis and monitoring solution for application security

Develop policies to address future risk to applications

How the Process Works

Our Website Security Assessment approach is to provide a standard methodology to follow and provide your developers and implementation specialists a guideline for secure website application deployment. We provide technical recommendations with mitigating controls and policies and procedures to keep your website secure over time.