Web SecurITy Review™

Changescape has a proven and effective method to review and assure the security of your web-based systems called Web SecurITy Review™.  It commences with a scoping exercise where we define and agree Terms of Reference for the Web SecurITy Review™.  Depending on the size and complexity of your systems, the entire process takes between 6 and 10 days.
 
Next we review the architecture of the application suite.  This phase includes a review of the design, configuration, deployment process and server image after deployment.  It indicates areas of potential weakness to be further investigated.
 
Next we commence an application code review.  This is a visual exercise to review the code of the application via a browser or hardcopy output.  During this phase, we seek out tell-tale patterns which indicate susceptibility to elevation of privilege, disclosure of data, cross-site scripting, denial of service or other malicious attacks.  This establishes an action plan which we follow through during the Application I/O Review phase.
 
The next stage of the review is to research the database access methods and database stored procedures, and to analyse the types of data stored.  This review indicates the state of storage security and data access security, such as vulnerability to SQL injection attacks.
 
Using all the information we have gathered through to this stage of the review, we now commence the Application I/O Review, where we follow the system as a genuine user as well as a potential hacker.  This phase proves the suspected vulnerabilities from the previous phases and allows us to determine the severity of each vulnerability as well as begin to identify recommended actions to increase security levels.
 
Our Web SecurITy Review™ report is compiled from a checklist and supporting narrative where vulnerabilities have been detected.  The report indicates severity of vulnerability and documents recommended actions to implement fixes along with guidelines for retesting each vulnerability.
 
The findings and recommendations are discussed with the Development Manager and Development Team to ensure full comprehension.  If appropriate, we assist with the implementation of fixes and the re-testing of vulnerabilities.
 
To discuss a Changescape Web SecurITy Review™, please contact us for a no-obligation initial meeting.