Web Application Security Tests

Web applications, compared to other network applications, must be evaluated with more sophisticated methods because of their complex structure and the variety of their implementations. The main idea behind a web application security test is to check whether it is possible for an ordinary user to gain additional privileges by exploiting vulnerabilities over the Internet or an intranet. The test follows these steps:

1. Discovery Phase
In this stage, information about the target is collected: server access information is discovered, DNS queries are made, the application's TCP/UDP ports are explored, server and application versions are detected, and a map of the web site is gathered.

2. Static Scanning Phase
In this stage, the web server and applications are checked against known vulnerabilities with standard scanning tools; directories and applications are enumerated, and configuration mistakes and access rights are checked.

3. Dynamic Scanning Phase
This is the process of checking the web application and server with the specialised security tools best suited to them. In this phase, input/output data analysis, command injection and XSS tests are applied. Denial-of-service, parameter, access, error message and authorization checks, as well as other advanced tests, are applied to the application.
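As an added illustration of two of the test categories named in this phase (this is example code, not Biznet's tooling or anything from the original page), the following Python shows what a reflected-XSS check and a command-injection check look for: each is a vulnerable handler beside its hardened form, together with the input/output comparison a dynamic scanner performs. All function names, the hostname pattern and the sample inputs are constructed for the example.

```python
"""Added example: reflected XSS and command injection, vulnerable vs. hardened.
All names and sample values are constructed for illustration."""
import html
import re

# Constructed marker: a scanner reflects it through a parameter and checks
# whether it comes back unchanged, which indicates missing output encoding.
XSS_PROBE = '<s>probe</s>"\''

# Constructed input: a hostname with a shell separator appended.
CMD_PROBE = "example.com; echo probe"


def render_greeting_vulnerable(name: str) -> str:
    # Untrusted input is concatenated straight into the HTML response.
    return f"<p>Hello {name}</p>"


def render_greeting_hardened(name: str) -> str:
    # Output encoding for the HTML context; quote=True also covers attributes.
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def reflects_unescaped(render, probe: str = XSS_PROBE) -> bool:
    """The input/output analysis step: True if the probe is reflected
    verbatim, i.e. the parameter is likely vulnerable to reflected XSS."""
    return probe in render(probe)


# Constructed allow-list for DNS host names (labels of 1-63 chars, 253 total).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_ping_vulnerable(host: str) -> str:
    # A single string intended for a shell (subprocess with shell=True):
    # any shell metacharacters in host are interpreted by the shell.
    return f"ping -c 1 {host}"


def build_ping_hardened(host: str) -> list[str]:
    # Allow-list validation plus an argv list (no shell), so the host is
    # always passed as exactly one argument to ping.
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return ["ping", "-c", "1", host]


def command_is_injectable(builder, probe: str = CMD_PROBE) -> bool:
    """True if untrusted input can change the command structure: the builder
    either hands a shell a string that still contains the probe, or it lets
    the metacharacters through instead of rejecting them."""
    try:
        cmd = builder(probe)
    except ValueError:
        return False  # rejected by input validation
    if isinstance(cmd, str):
        return probe in cmd  # destined for a shell: the separator is live
    return False  # argv list: the host stays one argument, never parsed


if __name__ == "__main__":
    print("reflected XSS, vulnerable:", reflects_unescaped(render_greeting_vulnerable))
    print("reflected XSS, hardened:  ", reflects_unescaped(render_greeting_hardened))
    print("cmd injection, vulnerable:", command_is_injectable(build_ping_vulnerable))
    print("cmd injection, hardened:  ", command_is_injectable(build_ping_hardened))
```

The same reflect-and-compare pattern underlies most automated dynamic checks; the manual phase that follows exists precisely because a reflected marker or an accepted metacharacter is only evidence of a likely vulnerability, not proof of one.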

4. Manual Control Phase
In this phase, Biznet experts verify on the server the findings and security vulnerabilities reported by the automated scans. This phase is important for minimising false positives and confirming the accuracy of the reports. Also in this phase, security vulnerabilities are exploited manually and the testers attempt to compromise the whole server. The testers also attempt to reach the database and to penetrate the local network through the web servers.

5. Reporting
In this stage, the results are presented clearly and with sufficient technical detail. Reports may be executive, with a high-level presentation of the risks and recommendations for their remediation, or technical, with the characteristics of each security vulnerability and technical details of the methods for removing it. Reports are delivered in either Turkish or English.

6. Verification Scanning
This scan is performed after the organization has eliminated the security vulnerabilities, in order to confirm that no deficiencies remain. In this step, the scan scope is limited to the security vulnerabilities found during the first scan.

Copyright © 2010 Biznet Bilişim Sistemleri ve Danışmanlık Sanayi Ticaret A.Ş.