iViZ Security
SOLUTIONS

Application Penetration Testing


In recent years, web applications has grown dramatically popular, with organizations converting legacy mainframe and database systems into dynamic web applications using technologies such as PHP, Ajax, JavaScript, JSP, Java, ASP, ASP.NET, Cold Fusion, Perl, Flash and Ruby etc., These applications expose customer information, financial data and other sensitive and confidential data over the Internet and intranet. With the accessibility of such critical data,web application security testing also becomes paramount. Ensuring that web applications are secure is a critical need for companies today.

iViZ's on demand application testing platform performs various types of application penetration security audits including web application security Testing, SAP audit, or other customized system audit. iViZ Security uses both black box and white box testing methodology. Enterprise application security being critical to organizations, iViZ Security allows organizations to significantly improve overall security software and reduce risk to the organization in a way that compliments the web application security infrastructure and process they currently have in place.




How Web Application Pen Testing works?

Web Application Penetration Testing is carried out from iViZ Security SOC (Security operations center) remotely over the Internet using our patent-pending technology. The section below details the methodology used in the application security testing process.
Application Penetration Testing, Web Application Security Assessment

iViZ's application penetration test provides a customized, comprehensive, impartial, and periodic security assessment of various kinds of applications - internally developed, commercial enterprise web applications (Web-based portal, e-commerce application, or Web platform), open source applications, dynamic web 2.0 applications etc., This service provides a well-developed matrix of existing threats, application vulnerabilities, and real-world recommendations to address security weaknesses. In addition, iViZ conducts expert validation for vulnerabilities that cannot be identified through automated means.

Back to Top





iViZ Security Methodology

iViZ Security uses comprehensive application security testing methodology as given below. The result of the application security vulnerability assessment is further used to do automatic as well as expert validated web application testing.


web application security testing
Back to Top





Solution Delivery

iViZ Security provides on-demand delivery for its over-the-Internet testing solution. The test reports and remediation recommendations are accessible anytime on the on demand application security management portal.

application security assessment

Delivery Features of Application Testing

  • Self-Service registration and maintenance of your hosts & applications using iViZ Security on-demand portal.
  • Test scheduling at your convenience.
  • Automatic test launch based on your schedule directly and remotely from iViZ Security SOC (Security Operation Center).
  • Email alerts to keep you updated on test progress.
  • Generation of comprehensive report based on automated testing coupled with expert validation on the tests to provide in-depth and comprehensive coverage.
  • Anytime access to vulnerability test results & remediation reports on iViZ Security on-demand portal.
Back to Top



What are the features?

Reduce Cost, Time & Effort Using On-Demand Platform

iViZ Security's unique on demand delivery platform and architecture is built to provide SaaS (Software as a Service) experience to our customers. On demand delivery significantly reduces the time and cost of conducting a conventional web application security testing effort. Customers can conduct periodic & regular Network and System Penetration Testing using this platform. The advantages of using a hosted solution are:

  • No Installation Overheads
  • No Software/Hardware Expenses
  • No Maintenance: 100% Remotely Managed.
  • Subscription Based Cost Effective Solution.
  • Automated Compliance Reporting Support for PCI-DSS, ISO 27001, SOX, SANS TOP20, OWASP TOP 10 etc.,

The above unique features reduce cost, time & effort required on your side as well as significantly enhances your ability to proactively manage your security posture.


Comprehensive & Accurate Testing.

iViZ Security's solution has a comprehensive application security vulnerability database. It performs vulnerability detection by simulating hacker attacks such as Cross-Site Scripting; HTTP Response Splitting; Parameter Tampering; Hidden Field Manipulation; Backdoors/Debug Options; Stealth Commanding; Forceful Browsing; Application Buffer Overflow; Cookie Poisoning; Third-Party Misconfiguration; Known Vulnerabilities; HTTP Attacks; SQL Injections; Suspicious Content; XML/SOAP Tests; Content Spoofing; LDAP Injection; XPath Injection; Session Fixation , automatic intelligent form filling.


Get Exhaustive and In-Depth Security Coverage With Expert Validated Testing

iViZ Security Automated application testing solution surpasses conventional manual testing process by finding out all possible attack paths, but some complex logical vulnerability require expert validation. To provide exhaustive & accurate web application testing coverage, iViZ Security incorporates expert validation of the network & system test results. This expert also separately carries out manual testing to explore security issues deeper into your network. A combination of automated testing further validated and scanned deeper by an expert provides in-depth and intelligent web application security test coverage and prioritized remediation recommendations.


Compliance Wizard & Flexible Reporting For Effective Remediation

iViZ Security provides comprehensive reports designed for management, developers, QA engineers, system managers and security professionals, providing them full visibility & control of their security testing needs. The reports are customizable so that users have full control of content and layout.
iViZ Security provides out-of-the-box compliance reporting through compliance wizard with data auto-fill. It also suggests gap areas and conformance to standards through comprehensive templates for PCI-DSS, ISO-27001, HIPAA, SOX, GLBA, California Senate Bill No. 1386 and others.


Monitor Trends With Test Audit History

iViZ Security can store your previous test history data providing you with rich trend intelligence information to help manage your security posture effectively. Succeeding audits highlight the remediation status reported in earlier audits along with their severity levels. This helps keep track of security activities and find clues of possible attacks

Back to Top


Web Penetration Testing Approaches

iViZ Security provides three approaches for penetration testing:

  • Zero-Knowledge Test (Black Box)
  • Partial Knowledge Test (Gray Box)
  • Source Code Analysis (White Box)

Zero Knowledge Test:

In this approach, the application security testing team do not have any inside  information about the target environment excepting that can be found out publicly. This type of test is designed to provide the most realistic penetration test possible since attackers, in many cases, start with no real knowledge of the target system.



Source Code Analysis:

In this approach the penetration test team has full information about the application and its source code. Unlike the black box style testing, in source code analysis, our experts walk through the application code line-by-line, looking for flaws that could allow attackers take control of your application, perform a denial of service attack against it, or use it to access your internal network. This allows you to take a holistic view of your application and identify vulnerabilities and exposure points that would have otherwise been hidden.

Back to Top





Who should conduct Application Security Assessment?

Web Application Security Assessment is highly recommended for organization that relies on :

  • Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
  • Bespoke development (dynamic web sites, in-house applications etc.)
  • Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)

If your business is in any of the below industries , you should actively consider carrying out application testing.

  • Banking, finance and insurance
  • Information technology and consulting
  • Online Retail/ Ecommerce
  • Manufacturing
  • Telecommunications
  • Research and development
  • Government
  • Television/Media

Additionally if your organization has any of these compliance and regulatory requirement, web application penetration testing will help you achieve those easily:

  • ISO 27001
  • PCI
  • SOX
  • HIPPA
  • COBIT
Back to Top




Why choose iViZ Security?

  • World's first on-demand penetration testing company
  • World's first company to build "Artificial Intelligence" tool that simulates human hacker intelligence for quicker and comprehensive testing
  • Multi-Stage Attack Analysis detects all possible attack paths unlike non-comprehensive conventional test methods
  • Unique Patent-Pending security technology which addresses the gaps in the current day security testing methodology. (Read More on iViZ Security Technology)
  • World class team and technology: World's Top 8 Innovative Technology (By Intel and UC Berkeley) and World's Top 6 Security Startups(London Business School, Homeland Security and Pentagon) (View iViZ Security Awards)
Back to Top

Copyright © 2005-2009 iViZ Techno Solutions Pvt. Ltd. All rights reserved.