SECURING E-COMMERCE APPLICATIONS


2JAY LTD IS A SECURITY CONSULTANCY HELPING COMPANIES PROVIDE, HOST AND DEVELOP SECURE & EFFICIENT WEB APPLICATIONS


 

Keeping company, employee and customer data out of the public domain is a day-to-day concern, yet the greater mobility and productivity we give our employees, and the constantly improving experience we offer our customers, are usually underpinned by a portfolio of web-based applications.

 

The advantages offered by Webmail and the 24/7 sales opportunity offered by an E-Commerce presence mean we open up a greater surface that requires protection. The ever-growing presence of these applications allows companies to grow, but so does the overall attack surface.

 

TECHNOLOGIES TESTED

 

WEBMAIL

The broader availability of email access offered by Webmail solutions comes with benefits, but also added risk. Opportunities arise for unauthorised access to corporate email using techniques such as phishing to extract a user’s password. With this in hand, an opportunist can then log in to the Webmail account from any remote location if the security policy allows.

SHAREPOINT

The core design of collaboration and sharing platforms such as SharePoint has to come with an understanding of how SharePoint can be breached, as well as how to mitigate the risks, prior to deployment.

WORDPRESS

25% of the global web real estate is hosted using WordPress. Whilst the framework is continually updated, improved and made more secure, there are still a number of best practices that can easily be ignored, and ignoring them can put sensitive data in the public domain.

E-COMMERCE

Patched systems that are regularly backed up, scanned and protected using cloud-based DDoS protection can still fall prey to more meticulous, targeted attacks. A layered defensive approach coupled with regular reviews helps sustain a secure, stable online presence.

CUSTOMER EXTRANET

Business-enabling third-party partner portals are essential, but if an opportunity to bypass authentication mechanisms allows a broker or customer to escalate access privileges, potentially leaking sensitive data, a loss of trust may have to be absorbed.

INTERNAL BESPOKE WEB APPLICATIONS

Hosting internal web applications to improve overall business may inevitably add to the bottom line, but if the very same application is susceptible to rogue interests then it could prove the weak link that bridges a would-be attacker from your non-routable internal network to the user space, using the host of the application as a backhaul to transit your sensitive documents to the public domain.

PROVIDING CONSULTANCY ON APPLICATIONS PRIOR TO GO LIVE OR PART OF QUARTERLY REVIEW

COULD YOUR PARTNER WEB PORTAL PUT YOUR REPUTATION AT RISK?


AUTOMATED AND MANUAL SECURITY TESTING TO OFFER SPEED AND DEPTH TO ASSESSMENTS

VULNERABILITIES ASSESSED

 

SQL INJECTION

Databases tend to be repositories for sensitive data and are accessed by public-facing applications. Over the years, malicious users of the application have proven that the sensitive data held in the databases can be accessed, read and copied by using the application as a proxy: SQL commands are entered into input fields of the website to send specifically crafted commands that manipulate and interrogate the back-end database.

SCRIPT INJECTION

Input points within a website offer opportunities for script-based commands to be inserted, potentially manipulating the application. The effects of these scripts can negatively affect future visitors to the very same web page.

SESSION HIJACKING

Anomalies in web application software over the years have led to unwanted account access by means of false representation of a user, with an aggressor crafting TCP traffic carrying cookies intercepted from a valid user. Web applications that fail to regenerate session cookies at various checkpoints of a session have made an attacker’s role that little bit easier.

AUTHENTICATION BYPASS

The risk related to an “authentication bypass” vulnerability can only be established when a clear understanding of the escalated level of authorisation is demonstrated. Needless to say, unauthorised “administrator” level access can prove devastating.

REMOTE CODE EXECUTION

Exploitation of a bug in software that hands complete control of your application server to the aggressor.

 

Whilst we’re all fallible, we can do our best to ensure potential attacks are made harder for the aggressor. Distributing protections across a 3-tier model of hardware, software and personnel intervention can help thwart even persistent and advanced attacks.

 

A combination of configuration and code reviews, Web Application Firewalls, Intrusion Detection, regular security assessments and audits can ensure that web applications built on solid foundations can repel all but the latest and greatest attacks, and ensure the weak link in your infrastructure is not an element hosted in the public domain.


CONTACT US

 

Telephone: 01604 636 448

Email: hello@2jay.co.uk