Security testing is an indispensable part of the web application development life cycle, given the rise in privacy breaches at businesses and organizations. Samhitha follows industry standard testing methodology and keeps track of newly disclosed vulnerabilities. Samhitha maintains a repository of reusable security test cases and has proficiency in using security testing tools, both open source and commercial.
Offer
Samhitha helps identify business risks caused by security vulnerabilities in in-house developed applications, COTS products or third-party applications. Samhitha offers the following solutions:
- Web application penetration testing
- Product security testing
- Information Systems Risk Assessments / Security Audit
- Security Policy and Process Design
- Analyzing security vulnerabilities in the applications
- Analyzing security quality of internally developed applications
- Ensuring compliance with PCI DSS, SOX, and HIPAA
- Advice on fixing identified vulnerabilities and a plan for ongoing security vigilance
Value Proposition
Samhitha has expertise in performing security / penetration testing of web applications. It follows the industry standard guidelines published by the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC).
- Comprehensive security analysis
- Coverage of potential security issues
Competency
More than one tool is required to accomplish security / penetration testing of a web application. Tools are selected based on the nature of the application and its environment. Samhitha has expertise in using open source and industry standard tools (IBM Rational AppScan, HP WebInspect, Typhon III, the WebScarab intercepting proxy, and the OWASP WebGoat training application).
Samhitha has expertise in testing web applications for OWASP Top 10 vulnerabilities; a few of them are listed below (the list spans the 2004 and 2007 editions of the Top 10, with Denial of Service and Buffer Overflow coming from the 2004 edition):
- Cross-Site Scripting (XSS) – (session hijacking, tracking user activity, browser exploitation)
- Injection Flaws – (SQL injection, XPath injection, LDAP injection, SSI injection)
- Malicious File execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Denial of Service
- Buffer Overflow
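To make the "Injection Flaws" item above concrete, the following is an added example (not Samhitha's code or test material) showing the classic SQL injection in a login check: a query built by string concatenation beside the parameterized version that closes the hole. The users table, the sample row and the attacker's payload are all constructed here for illustration; sqlite3 from the Python standard library stands in for the application's database.

```python
"""SQL injection: vulnerable string-built query vs. parameterized query.

Added example, not code from the page or from Samhitha. The table, the
sample user and the attack payload are constructed for this demonstration.
"""
import sqlite3


def make_db():
    """Create an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample credential; a real system would store a password hash.
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: untrusted input is pasted into the SQL text.

    A quote character in the input ends the string literal, so the attacker
    can append their own conditions and comment out the password check.
    """
    query = (
        "SELECT username FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Hardened: placeholders carry the values separately from the query text.

    The driver never splices the input into the statement, so quotes and
    comment markers in the input are just characters to compare against.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Constructed attack payload: closes the literal, adds an always-true
# condition, and comments out the rest of the WHERE clause.
ATTACK_USER = "' OR '1'='1' --"


def demo():
    """Run both login variants with valid credentials and with the payload."""
    conn = make_db()
    results = {
        "vulnerable/valid": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable/attack": login_vulnerable(conn, ATTACK_USER, "wrong"),
        "safe/valid": login_safe(conn, "alice", "s3cret"),
        "safe/attack": login_safe(conn, ATTACK_USER, "wrong"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for case, logged_in in demo().items():
        print(f"{case}: {'logged in' if logged_in else 'rejected'}")
```

The vulnerable variant accepts the payload with a wrong password because the executed statement becomes `... WHERE username = '' OR '1'='1' --' AND password = 'wrong'`, where everything after `--` is a comment. The parameterized variant compares the literal string `' OR '1'='1' --` against the username column, finds no match and rejects the login; the same pattern (bind parameters rather than string building) is the fix for the XPath and LDAP injection variants listed above, using each API's own parameter or escaping mechanism.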