Don’t let your applications be the gateway to cyber attacks.
The Application Threat
Every day we use Internet applications for on-line banking, bill pay, and account and/or policy information, and these applications tie into a host of databases containing personal information or corporate secrets. The hacking community has found that attacking an application is often less complex, which tempts them with the possibility of easier and bigger rewards. For instance, if hackers were to compromise a database through a company’s on-line store, they may be able to gain personal information, like billing addresses, credit card information or any number of other personal information fields, which can easily lead to terrible consequences like identity theft, credit card fraud or information brokering.
Organizations that use ASPs (Application Service Providers) and don’t host their own applications should know whether the hosted application was tested. Once an organization decides to trust an ASP with its data, the diligent and prudent practice is to have the ASP arrange for the application(s) to be tested and supply a copy of the resulting report to the organization for review. This process allows an organization to thoroughly understand the risks and affords an opportunity to take appropriate measures.
What is Application Testing?
Application security testing lets you know, ideally before an application goes live, if it is vulnerable to compromise by an attacker from the outside, or from within. Is the application vulnerable to hacking, SQL Injection or Cross Site Scripting? Before you trust confidential customer data to an ASP, it is imperative you make sure the application was properly tested for vulnerabilities. GDF can test an application for vulnerabilities, help secure it and ensure your organization’s data is substantially more secure.
What is Tested?
Session Management Security
Cross Site Scripting
Hidden and Form Field Manipulation