A recent report by Cenzic identified 2835 vulnerabilities during the third and fourth quarters of 2008 alone. Eighty percent of these vulnerabilities involved web services, which are critical, strategic resources that present your organization’s brand and provide the gateway to backend operations and databases.
By 2009, 44 states had passed legislation to guard against data breaches of non-public-facing information and to shift the responsibilities to businesses. Organizations that do not take proper precautions are subject to penalties and fines.
Is your organization at risk?
1. Do you have a public-facing website?
2. Do you collect and/or store private information from customers, partners or employees?
3. Do you conduct business or handle payment transactions through your website?
4. Do you offer customers, partners or employees access to private information through your website?
5. Do you allow access to company financials or personnel data through internal website?
If you answered “Yes” to at least one of these questions, your organization may be at risk for monetary loss, findings of non-compliance or reputational detriment.
Allow Carolina Advanced Digital’s security consultants to perform a web application security assessment. Using the findings of our evaluation, our engineers will work with you to develop the best solution for your needs and your budget.
What is a web application security assessment?
Carolina Advanced Digital’s security consultants will deploy a Breach Security WebDefend web application firewall in an out-of-line configuration at the organization’s hosting site then monitor all requests and responses associated with the targeted website(s) for 2 weeks.
Following the collection period, we will retrieve and analyze the data in order to develop a critical analysis of the risks and vulnerabilities associated with the target website(s). These findings will be based on the context of two resources: The Open Web Application Security Project (OWASP) Top Ten List (http://www.owasp.org/index.php/OWASP_Top_Ten_Project) and The Web Application Security Consortium (WASC) Threat Classification (http://www.webappsec.org/projects/threat).
In a final report format, we will address the identified application defects, discuss their impacts on both website integrity and user experience, and offer our recommendations for remediation.
For more information or to schedule an assessment, contact us at 843-469-1141 or engineering@cadinc.com.