Web Application Penetration Assessment

"When I was asked why I chose Foundstone, I thought, would I want to hire a company that runs the tools and reads the books, or should I hire the company that writes the tools and writes the books? The choice was simple." --Foundstone client

The Gartner Group estimates that more than 75 percent of all vulnerabilities now being discovered are at the application layer. Our experience shows that nine out of ten customers have at least one serious hole that could lead to customer data disclosure or total system compromise. The Foundstone Web Application Penetration Testing service looks at a web site from the perspective of a malicious hacker and finds the holes before they can be exploited.

Foundstone has led the field of web application penetration testing since day one. We published Hacking Exposed: Web Applications. We continue to drive thought leadership in the industry with our latest book, How to Break Web Software, and we will continue to integrate the service into our broader software security service offerings to help our customers design and build more secure software.

We have built and released many free tools to help automate some areas of testing, including SSLDigger, a tool to test the cipher strength and SSL configuration on web servers; CookieDigger, a tool to test the security strength of session cookies; and SiteDigger, a tool to determine if search engines like Google are exposing parts of your online presence.

The Open Web Application Security Project (OWASP) has become the de facto reference point for the subject. Foundstone currently leads several key projects including creating a standard that will be used as a testing criterion.

We understand the significant limitations of automated testing tools like web application scanners, so almost all of our testing is performed and verified manually using a well-defined, repeatable and consistent methodology. We use automated tools in areas of the assessment only where they are proven to be accurate and effective (less than 5 percent of a typical engagement) and have sponsored an OWASP research project benchmarking the performance of such automated tools.

Contact us to learn how our security services can help you protect your most important assets today.

RFP Template

Foundstone has developed this Request for Proposal ("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.
