Web Application Security

Web applications have become the primary vector for hackers, with more and more breaches occurring due to vulnerabilities in online applications. SPIguard can help ensure that your web applications are secure. We offer penetration testing and vulnerability assessment services that will uncover any vulnerabilities, allowing you to fix them before hackers find and exploit them.

The SPIguard Way

We know that your time is precious and your money, even more. We have a standardized approach to every engagement to ensure consistency and also to minimize the amount of time that you spend supporting our testing effort.

Step 1: Preparation

  • We will arrange a call or meeting to walk through your application and understand the functionality. Boundaries are defined and we let you know what to expect during testing.
  • You will fill out a discovery document that provides us with some initial information.
  • Areas of potential risk are identified. You will also have input into where you think the application should be the strongest and why.
  • We will then run an automated crawl to ensure that we have touched every part of the application.


Step 2: Testing

  • We run automated tools to test your application to identify easy to find vulnerabilities.
  • Our experienced security consultants test the application manually to uncover hard to find vulnerabilities. They try and exploit issues identified during the manual and automated testing to ensure that the results are accurate.
  • We collect evidence of all identified and confirmed issues. Any critical issue that is identified is reported immediately to ensure that remediation can being immediately.


Step 3: Reporting

  • We take the results of both the automated and manual penetration testing and compile a consolidated custom-written report.
  • The report will detail all vulnerabilities uncovered during the testing process along with severity levels and recommendations for how to remediate each vulnerability that was identified.


Step 4: Debriefing

  • We will present all findings to executives and key stakeholders
  • Our security consultants will answer all questions and explain the remediation advice provided in the report.


What Is Tested?

We test every component of the identified application thoroughly and cover all the areas such as:

  • Application configuration
  • Authentication and Access control
  • Data validation
  • Session security
  • Error handling
  • Information leakage
  • Application logic
  • Special tests that emphasise
    • Data compartmentalization
    • Sensitive data handling

The SPIguard Advantage

  • Our security consultants are world-class. They have years of experience developing web applications and performing penetration tests.
  • We use a proven testing methodology that incorporates a lot of manual testing and the best commercial/open-source testing tools.
  • We do not just hand over a canned report from the tools. Our reports are custom-written and contain information that is relevant to your organization.
  • You will have access to our security consultants who can advise you on the optimal solutions for your environment. At the end of every testing cycle, our consultants will go over all the identified issues with stake-holders from your organization.