Skip to main content

Web Security

RedOracle's Web Application Testing is an Internet security audit, performed by experienced security professionals.

Redoracle Web Security Testing

A key feature of the service, and one which cannot be covered by relying solely on automated testing, is application testing. The service is designed to rigorously push the defenses of Internet networks and applications.

It is suitable for commissioning, third party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.

A final written report provides an analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving the security of the service under test.

RedOracle Web Application Testing covers:

RedOracle Data Theft
  • Configuration errors
  • Application loopholes in server code or scripts
  • Advice on data that could have been exposed due to past errors
  • Testing for known vulnerabilities
  • Reducing the risk and enticement to attack
  • Advice on fixes and future security plans

Typical issues discovered in an application test include:

Back doors and debug optionsCross-site scripting
Broken ACLs/Weak passwordsWeak session management
Buffer overflowsForceful browsing
CGI-BIN manipulationForm/hidden field manipulation
SQL injectionInsecure use of cryptography
Cookie poisoningRisk reduction to zero day exploits
Command injectionServer misconfigurations
Well-known platform vulnerabilitiesErrors triggering sensitive information leak

The duration of a test depends on the size and complexity of a site, but can start from 6 days (approx four days testing, two writing up).