Penetration Testing - Enterprise Solutions

Description

These types of solutions range from off-the-shelf applications to proprietary, in-house developed application environments that span multiple application technologies, system types and network environments.

Security Footprint role-plays as an unauthenticated (anonymous) or authenticated malicious user who is targeting weaknesses and vulnerabilities within the target solution. Key objectives include gaining unauthorised access to application functionality, sensitive or secured information, the underlying system components, the database services and the supporting systems in the surrounding application environment.

Security Footprint has based its testing methodology on years of experience and industry-recognised security best practices that are applicable to the different solution components. At a high level, the security testing follows a methodology that targets these key security controls within the solution:

  • General information gathering and exploration of the solution and its underlying framework, services and supporting system components
  • Authentication controls
  • Session management controls
  • Insecure cryptography and transport layer security
  • Data validation controls
  • Authorisation controls
  • Exception handling
  • Denial of service issues within the solution (Note that this testing is specific to application functionality. For example, an insecure thick client enabling malicious users to affect vulnerable server-side processing.)
  • Data storage controls
  • Binary protection controls