  +91 22 4050 8200

Security Testing

With exploitation techniques and tools now easy to obtain, hacking has come within reach of amateur hackers, increasing the risk of exploitation manifold. Application security should be an integral part of the development process, and security testing of the network, servers and infrastructure should be part of the project roll-out strategy.
The majority of system exploits happen through internal sources. With hacking tools easily available, common exploits and practices have become public knowledge.
Security testing with the right tools, the right capabilities and the right partner is the value we bring to our clients. Our comprehensive security testing solution for the network, application, server and database layers helps secure the business from all levels of vulnerabilities and make it hack proof.
Our continuous watch on global exploits helps our customers manage their infrastructure and prevent exploits against it.
Our security testing approach ensures compliance with standards, best practices and regulatory requirements such as:

• Open Web Application Security Project (OWASP) Top 10
• The Web Application Security Consortium (WASC)
• Payment Card Industry – Data Security Standards (PCI-DSS)
• International Standard Organization (ISO) 27001:2005
• Health Insurance Portability and Accountability Act (HIPAA)
• Sarbanes-Oxley Act (SOX)/Central Bank Regulations
• Family Educational Rights and Privacy Act (FERPA)
• Data Protection Act and many more…
The following are our primary focus areas for security testing:

• A1 – Injection: e.g., SQL Injection
• A2 – Broken Authentication and Session Management: e.g., Password / Session Token Compromise
• A3 – Cross Site Scripting: e.g., Stealing Cookies
• A4 – Insecure Direct Object References: e.g., access to an object such as a restricted file or directory
• A5 – Security Misconfiguration: e.g., Source Code Access, Account Lockout setting not implemented
• A6 – Sensitive Data Exposure: e.g., not properly protecting sensitive data, such as credit cards, tax IDs
• A7 – Missing Function Level Access Control: e.g., function level access rights
• A8 – Cross Site Request Forgery: e.g., Stealing Other Users' Identity
• A9 – Using Components with Known Vulnerabilities: e.g., Vulnerable Components, such as libraries, frameworks, and other software modules
• A10 – Unvalidated Redirects & Forwards: e.g., redirects to phishing or bogus sites not being validated

Consult us to learn how we can help in your area of interest.
  +91 22 4050 8200 sales@auditimeindia.com

Source: The Web Application Security Consortium (WASC)



© 2014 Auditime, All Rights Reserved