The overall consensus of security professionals is that although perimeter security still needs periodic checks to ensure against vulnerabilities, the greater risk lies within our Internet facing web applications. Due to the maturity of the perimeter security technology, malicious internet users have begun to shift their focus to the application layer and have started to exploit the vulnerabilities of those applications. Companies like, Mercedes Benz, Fuji Film, Panasonic, US Navy, US Army, Microsoft, Google, the Space and Naval Warfare Systems Command, the Office of Secretary Defense, the Defense Logistics Agency, and many more, have had their websites defaced in one way or another. At face value this does not seem like a great risk, but this is a symptom of a larger problem, which are the vulnerabilities that may exist in the application code itself for some of these websites.
AsTech’s team of Application Security Engineers are among the most experienced in the field and have been involved in security review projects for some of the most highly regulated industries. Each member of the team comes from a background of development (most with 10-15 years of development experience) and are familiar with industry best practice standards for numerous development languages, including:
|
|
White Papers
Mapping the Application Security Terrain Choosing an Appropriate Assessment Process
Securing World Wide Web Applications
Solutions
Security Assessment
Ethical Hacking
Coding Standards
Secure Development