IT security audit
about  |  news  |  services  |  careers  |  contacts  |  clients  |  partners Russian version  |  Site map

Contacts

Belarus: Tel: +(375 17) 2169118
UAE: Tel: +(971 26) 457670
Switzerland: Tel: +(412 27) 432087
E-mail: Send message



Web audit

Testing of corporate web sites

Today, majority companies consider Internet as an effective marketing communications and way to promotion of its products and services. To have their own site for businesses - it doesn’t attempt to follow the fashion, but really working tool for doing business.

Large corporate sites are increasingly becoming the targets of hacker attacks. The hacking corporate Web site, which is a representation of the network, it is impact to the reputation and image of the company. The result of most of these breaks replaces generic page, pages with a list of services or company news, by another page. Often as a result of hacking the site loses data such as customer information, financial information, which is a direct loss companies. If the company is more seriously and more famous, its name and products is greater, then risks and possible losses will rise from hacking corporate website.

Within the bounds of test the security of web sites we propose:

1. Testing of web sites on the possibility are hacking through a number of common vulnerabilities, including:

  • Cross-site scripting
  • Leak proprietary information
  • Predictable resource location
  • SQL injections
  • Splitting HTTP requests
  • Lack of authorization
  • Directories indexing
  • Lack of opposition automation
  • Inverse directory path
  • Lack of authentication

2. Targeted testing of a certain web-based applications using automated testing, QA tools, manual and automated analysis (audit) for source code.

3. Deployment of an integrated Intrusion Detection System (IDS) as on the basis of commercial products or free software.

4. Optimization of web-server security, the implementation of security modules (Apache - mod_security, mod_auth_digest ...).

5. Distribution of DDoS attack reluctance system, load balancing systems, traffic shaping and QoS priority dynamic assign.

According to the results of the work submitted a detailed report witch contains information on the identified vulnerabilities, as well as detailed recommendations for removing them.

For more information, send a message or call (+375 17) 216 91 18.



Education Affiliate Provider

© 2006-2008 JLLC Belsec - IT-Security audit