What is it about?
Web applications are now an integral part of every corporate information system, essential tools for services of various kinds, internal or external: webmail, Intranet portals, e-procurement, customer support, home banking, file sharing and much more.
Crypto Net Labs verifies the security level of web applications through specific Vulnerability Assessments and Penetration Tests, based on international reference methodologies (one of which is OWASP) and on controls both in black-box mode (i.e. without having previous knowledge of the targets) and above all of user credentials, and in authenticated mode.
Tests cover the technical area – Cross-Site Scripting (XSS), SQL Injection, Insecure Direct Object Reference (IDOR), Local File Include (LFI) or other vulnerabilities – but also focus on application logic, to detect any possible abuse.
Drawing on their experience and using an optimal combination of commercial and open source tools, our professionals provide a wide and thorough degree of focus on the weaknesses that can most frequently or most dangerously affect web applications.
The tests review all the key analysis categories: authentication, authorisation, session management, error management, encryption, input validation and business logic verification. The service can also be applied to SOAP or REST web services.
Who can benefit from it?
All companies and organisations that use web-based applications to provide services critical to the business or sensitive, (especially in relation to the type of data processed), to customers, employees or partners. To identify the most vulnerable points to possible attacks, and to ensure full compliance with industry regulations and standards (such as PCI DSS and GDPR).