Services

Ethical Hacking:
Application Testing

BT Application Testing uncovers design and logic flaws that could result in the compromise or unauthorized access of your networks, systems, applications or information. We can identify and investigate the extent and criticality of vulnerabilities found in thin client (web browser) and thick client (Java) applications, including front-end and back-end systems. Activities range from injections and cross-site scripting to decompiling code and HTML proxy manipulation. BT Application Testing services include Web Application Testing and Client-side Application Testing, with Verification Testing available as appropriate.

During Web Application Testing, the BT ethical hacking team will use a proprietary process to examine the security controls being provided by the application. First, the team will pose as an unauthenticated attacker targeting the application being assessed. Later, the team will attempt to exceed the intended privileges and authority of an authorized user with access to the application, which tests the strength of authentication and session management mechanisms.

Client-side Application Testing is a BT-developed process for assessing Web-based and custom client/server applications with client-side software components. This test measures the security integrated into the client software components and reviews the client software interaction with the remote server application. Often testing is based on information gathered by observation or through reverse engineering, where permitted and applicable.

Before the project begins, we will work with you to develop boundaries for actions and events that our team can perform during the vulnerability assessment. Any High-Risk vulnerabilities/risks identified during the assessment will be immediately communicated to you. After the testing has been completed, BT will provide your organization with a formal report that:

  • Identifies vulnerabilities and weaknesses of the environment
  • Ranks the vulnerabilities and weaknesses in order based upon your security policies as well as best practice, ability to be exploited and mitigating factors
  • Recommends both technical and process-oriented remediation and mitigation solutions

©2008 BT