Website security is essential to modern organizations. Unlike other IT systems that can be given the full protection of a firewall and IPS, the Web server has to be exposed to the world to fulfill its purpose.
Because it can’t be fully protected the Web application has become the most common route for exploiting security. And because it’s public-facing, there’s no hiding the fact that exploits have happened. Defacements are obvious to the world. When intruders gain access to user data there’s no choice but to admit the compromise. When user data is compromised there are penalties and a loss of trust.
The assessment objective is to examine the subsystems, components, interactions and security mechanisms of the Web application and identify Web security weaknesses. FIMS have extensive experience using commercial and proprietary tools, and public domain utilities, to examine the security posture of an application. We analyze Web application security from several vantage points: the unauthorized user, the authorized user, and to the extent possible, the administrative and developer users.