Web Application Security - White Papers by iViZ:

penetration testing

Anatomy of Business Logic Vulnerabilities in Applications

This white paper covers business logic vulnerability testing. Flaws in an application’s business logic are harder to characterize; this report reveals the most commonly found critical logic vulnerabilities and the ways to mitigate them. Our objective is to give application architects, designers, developers and testers a valuable list of logic vulnerabilities so that they can mitigate them during the design and development phases of the application itself.

Download this report and find out:

  • Business Logic Testing for Banking Applications
  • Business Logic Testing for SaaS and Cloud Applications.
  • How to mitigate Business Logic Vulnerabilities
  • Sample Business Logic Vulnerabilities in VCC Module
  • Checklist of 50 Common Business logic Vulnerabilities in Web Applications

web application security

(In)Security in Security Products 2013

Security companies produce security products to help organizations remain secure. But how secure are these security products? In 2012, some major security companies, including Symantec Corporation, GlobalCerts and Panda Security, were breached by attackers.

Can security products themselves have vulnerabilities that leave them susceptible to attack?

In This Report Find Out:

  • The major security vendors that got hacked in 2012.
  • Vulnerability trend in all products and security products.
  • Vulnerability discovery in Major Security Product Types
  • Vulnerabilities discovered in major security products and vendors.
  • Security Weaknesses in Security Products in comparison with all products.

penetration testing

Web Application Vulnerability Statistics of 2012

We recently conducted a study of the vulnerability data of web applications we tested in 2012 to discover the prevailing website vulnerability trends. In total, more than 5000 application vulnerabilities from 300+ customers were considered as part of the sample data. Our study comprised 25% apps from Asia, 25% apps from Europe and 40% apps from the USA.

In This Report Find Out:

  • 99% of web applications have at least 1 vulnerability
  • 90% of hacking incidents are not reported publicly
  • There are 35 security vulnerabilities on average in a single website.
  • #1 Vulnerability: Cross-site scripting (61%).
  • #1 Secure industry vertical: Banking.
  • #1 Vulnerable industry Vertical: Retail.

website penetration testing

(In)Security in Security Products

Security products are as vulnerable and insecure as any other products. Last year, some of the major security vendors got hacked, including RSA, Comodo, Barracuda Networks, HBGary, VeriSign and Symantec.

So how secure are the security products developed by various security vendors?

In This Report Find Out:

  • Vulnerability Trends in Security Products
  • Economics behind vulnerability discoveries in Security Products
  • Type of Security Products and Vendors who have the maximum vulnerabilities

browser security

Security Comparison of Browsers: An Independent Report

How secure is your browser?

With browsers becoming the preferred attack vector of hackers, browser security plays a critical role today. The number of browser security vulnerabilities may exceed the number of OS vulnerabilities. Recently, some browser vendors sponsored studies on similar topics and, not surprisingly, the sponsoring vendor came out on top. At iViZ we decided to do an independent study of popular browsers to analyze:

  • Vulnerability Trends in Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Opera and Apple Safari
  • Types of Security Risks vs. Browsers
  • Security Weaknesses vs. Browsers
  • Exploits Availability vs. Browsers
  • How browser architecture affects security

cloud based application security

Return on Investment with iViZ On Demand Penetration Testing

The usual ROI calculations are not readily applied to security initiatives such as penetration tests. Technically speaking, there is no return on investment for a preventative method. iViZ therefore helps organizations measure ROI with a simple calculation rather than with ROI calculations based on Payback Period (breakeven point), Net Present Value (NPV) and Internal Rate of Return (IRR), which are complex and mostly confusing.


security software

Top 7 Security Threats in 2009

Security has never been this critical or this challenging. Organizations today face security threats from a variety of sources such as malware, website infections, smart phones, mobile phones, spam and phishing. Read about the top 7 threats that organizations should prepare for in 2009.


information security

Managing IT Security

Adequately protecting an organization's information assets is a business imperative - one that requires a comprehensive, structured approach to provide protection commensurate with the risks an organization might face. The purpose of this white paper is to explore an ethical hacking technique - referred to in the IT community as Penetration Testing - which organizations are increasingly using to evaluate the effectiveness of information security measures. This paper aims to provide them with information about penetration testing and help them evaluate penetration testing as a tool for their information security strategy.


security testing

Penetration Testing Case Studies

Organizations conduct penetration testing to secure their applications, networks and compliance. This case study describes e-commerce and enterprise customer stories and how they used penetration testing to achieve comprehensive, cost-effective security using the iViZ Green Cloud Security on demand penetration testing solution.


vulnerability testing

(In)Security in secure software - Encrypting your hard disk is no longer safe

We use disk encryption software to secure our data. But is it really secure? The iViZ Vulnerability Research Team discovered a new class of vulnerability which bypassed Microsoft BitLocker, McAfee SafeBoot and several others.


pen testing

Penetration Testing - Is It Value For Money?

Penetration Testing provides a hacker's eye-view for your applications as well as networks. But are we always getting value for money? Is it really effective? What are the gaps? How do you extract real value?


security compliance

Compliance - The Good, The Bad & The Ugly

Are compliance and real security synonymous? Why do organizations get compromised in spite of being compliant? How can you avoid it?


network security

Wireless Networks - The Low Hanging Fruit For Hackers

You have secured your wired LAN with all the latest technologies and processes. But is your wireless network left open to hackers? How do you ensure the security of your network?


social engineering attacks

Next Generation Tactical Attacks

Hacking has evolved from direct exploitation to multi-stage tactical attacks. Client-side exploitation, application-level attacks and complex social engineering are the threats of the day. Does the conventional threat definition work anymore? Are the conventional security solutions geared to face the emerging attacks?


web application security

(In)Security in Security Software - Antivirus.. Or Door For Hackers?

Security tools are supposed to prevent attacks. But can the same tool be a door for hackers? The iViZ Vulnerability Research Team discovers an attack which uses antivirus as the door.
