Application Tests

Protecting the organization's applications is rapidly growing in importance due to the accelerated transition to Web applications, whose use broadens daily and gives users new and unique access options that did not exist in the past.

Technological developments in the Web environment significantly impact Web-based applications. Keeping up with the pace of these developments, anticipating risks and developing suitable solutions requires focused professional know-how, since security products for Web applications are an area still in its initial stages of development in comparison with security products developed for infrastructure.

BugSec specializes in performing advanced application tests, drawing on proven experience in delivering high-level results without overly relying on the many scanners available on the market. Our experts conduct complex application tests based on our unique, proprietary methodology, developed by BugSec's founders, who are leaders in the information security field both in Israel and internationally.

The application tests are carried out in Web environments such as PHP, ASP, ASP.NET, ISAPI, Web Services, Java and more. These tests detect Web-based attacks, for example:

  • Cross site scripting

  • SQL injection

  • XPath injection

  • LDAP injection

  • SSI injection

  • OS commanding

  • Path traversal

  • Phishing

  • HTTP response splitting

  • Directory indexing

  • Session fixation

  • Credential/session prediction

  • Insufficient session expiration

  • Information leakage

  • Insufficient anti-automation

  • Insufficient authentication

  • Brute force

  • Buffer overflow

There are several central approaches to performing the existing tests, most often implemented in accordance with regulations the organization is subject to, or in accordance with decisions made by its management to execute information security tests. The choice of the approach most suitable for the organization is extremely important and must be carefully considered. The different approaches, and the differences between them, are presented below:

  • Black Box

  • White Box

  • Gray Box