
Application Security Assessment

Web applications have become the force behind the Internet revolution. E-commerce, online banking, social networking and collaboration have become the buzzwords of the Internet, with their number increasing exponentially. Unfortunately, with the increase in the number of web applications, there has also been an exponential rise in web application attacks. Attackers have taken cognizance of the vulnerabilities that manifest in today’s web applications and perpetrate attacks that can be devastating for a company’s web application, resulting in major losses in revenue and reputation. Web application security is a very real requirement. Security functionality needs to be built into a web application at the outset, and security should permeate all levels of the application development lifecycle. This makes Web Application Risk Assessment a critical requirement.

The Unique Web Application Risk Assessment methodology is a structured methodology in which security is built into the web application from the inception of the application development lifecycle. The methodology draws parallels with Enterprise Risk Assessment and aims at securing the web application by characterizing the application, threat modeling the various types of threats and their vectors, and finally formulating a detailed set of security requirements which need to be designed and developed into the web application. This process provides invaluable clarity to all the stakeholders involved in architecting and developing a secure and robust web application. It also provides a comprehensive view of web application threats and their possible attacks against a web application. The process is also designed to take into consideration the requirements of security compliance standards and laws, thereby ensuring that the web application can easily address any compliance requirements as well.

The Web Application Risk Assessment process is also extremely beneficial for applications that have already been developed. It can be coupled with Web Application Vulnerability Assessment/Penetration Testing and Secure SDLC consulting to provide the optimized security which needs to be part of the mission-critical applications that are developed for your clients and for your organizations.


The loss due to hacker attacks could be detrimental and could have numerous negative impacts on your company. Web Application Security Assessment will help to identify the weaknesses and potential threats to your web application. Professionals simulate hackers’ actions to seek security holes in your web application, helping your web application to defend against OWASP Top 10 vulnerabilities.

The assessment covers the following security areas:
• Insecure configurations of web servers
• Insecure storage of sensitive information
• Improper error handling
• Application loopholes in server code or scripts, including cross-site scripting, SQL injection, server-side code execution and other vulnerabilities
• User privilege violation and escalation
• Session hijacking
• Application Denial-of-Service (DoS) and buffer overflow
• Known vulnerabilities reported by software/hardware vendors or security forums
• OWASP Top 10 vulnerabilities, the most critical web application security flaws on the Internet

Once the assessment is complete, a report is provided identifying all of the security vulnerabilities found. Each finding will be assigned a risk rating based on the following criteria, along with remediation recommendations to resolve the threat.

High risk: The potential impact of loss (in terms of Confidentiality, Integrity and Availability) is high, or controls to prevent the vulnerability from being exercised are ineffective.

Medium risk: The potential impact of loss is moderate, or controls are in place that may impede successful exercise of the vulnerability.

Low risk: The potential impact of loss is low, or controls are in place to prevent (or at least significantly impede) the vulnerability from being exercised.

Overall, Web Application Security Assessment provides you with:
• Management summary
• Final report
• Security vulnerabilities with risk level rating
• Detailed description of security vulnerabilities
• Remediation recommendations
• Technical references
• Methodology and best practices
• 1-hour review meeting with IT staff


Article source: http://www.we45.com/wasra.html
Article source: http://www.milescan.com/hk/index.php?option=com_content&view=article&id=24&Itemid=131