
Security Testing

What security tests do we run?

  • Memory safety tests: ensure no buffer overflows occur through normal usage of the website.
  • Server side input validation: format string errors, SQL injection, code injection, cross-site scripting and HTTP injections.
  • UI failures: improper functioning of the user interface, or failing to sufficiently inform the user about security measures taken on certain tasks.
  • Cross-site request forgery (CSRF): disallow unauthorized client-side access on behalf of an authenticated user.

Vulnerabilities in websites are collectively one of the biggest concerns in the web development industry. Critical user and financial data can be compromised for many thousands or even millions of customers.

To prevent such issues from occurring, WebrMedia brings comprehensive security testing experience to the table.

During development and prior to release, we test the following system aspects for security issues:

  • Input Validation: The first rule of web security is "don't trust the user". Every bit of information provided by a user is strictly scrutinized and a whitelist approach is applied.
  • Access control mechanisms: Security safeguards that have been designed to detect and prevent unauthorized access to sensitive areas of the website, but allow authorized users to access the functions.
  • Authentication: Security measures that have been put in place to establish validity of an end-user or connection end-point as being authorized to receive sensitive data.
  • SQL Injection: Dynamic web apps depend on databases to do much of the heavy lifting. However, poorly coded functions can compromise the most important aspect of your online presence: your data.
  • Cross-site scripting (XSS): Our systems are designed to ensure that connections are not hijacked by unauthorized personnel or unscrupulous hackers trying to inject scripts into user data with the intention of compromising security. We ensure that all data output to the browser is properly filtered.
  • Code Injection: Arguably the most dangerous vulnerability that can affect a system, it is often caused by a lack of input validation, by including third-party scripts, or by remote file access.

Right from the time the project begins, our test team constantly devises different ways of breaking our code! But this is a good thing. It means that you, as our customer, will get a website that is significantly hack-proof.
