e-Commerce Web Application Assessment
The Web Application Assessment is a Layer 7 application scan to determine the state of website defenses against SQL injection, Cross-Site Scripting (XSS) and other vulnerabilities. The security of the underlying application code with respect to special character and data input bounds filtering is crucial in preventing denial of service attacks, web defacement and unintentional data compromise, loss or theft.
False positives are counterproductive in that they can potentially lead to wasted effort. Our methodology and tools include verification of such spurious results. That is reflected in a high degree of confidence in the final Report.
Having verified the state of the code that the web visitor interacts with, the investigation continues. To achieve a high degree of confidence in a web deployment, it is also necessary to assess a list of other factors. These include, but are not limited to, the host platform OS patch level and hardening, the state of connected ‘back office’ platforms (e.g. SQL server), the surrounding network fabric (e.g. routers, switches, firewalls) and the overall architecture, policy and IDS/IPS deployment.
WhiteHat has performed web assessments for numerous clients in the financial, healthcare, critical infrastructure, pharmaceutical and utilities sectors and the Internet fabric. That experience allows for a Report that provides a qualitative sense of context, or perspective, for how any particular website compares to the sites of other organizations of similar size and core business. That experience and insight are an important benefit to our clients.
Finally, the location of the web server has no impact on this assessment. It is very common to see websites installed at hosting providers, ISPs, co-locations and other outsource providers. Our methodology includes the necessary protocols to effectively manage outsource provider scenarios and continue to deliver credible reporting.
