Security Testing

Top IT Security ThreatsiBeta provides vulnerability assessments of websites. Using powerful security testing tools, iBeta can test websites for many problems such as XSS, SQL injection, directory traversal, XFS, PHP injection, and many data manipulation exploits.

Reporting consists of analyzing the output of the test results with regard to the code-base used and the back-end services employed such as AJAX, SOAP, SQL, AD/LDAP Authentication, and even Flash/Director, as well as network layer security such as port vulnerabilities, URL exploits, etc.

These website security tests can be conducted quickly and cost effectively.

iBeta’s Security Testing Services Include:

iBeta’s Security Specialization

iBeta has a Certified Information System Security Professional (CISSP) on staff for your security needs. The CISSP certification is administered by (ISC)². (ISC)² was the first information security certifying body to meet the requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for personnel certification. To date, the SSCP, CAP, and CISSP plus concentrations have been accredited against this standard.

Our Website Security Testing Tools:

Acunetix: Acunetix WVS website evaluation tool checks for all web vulnerabilities including SQL injection, cross site scripting and many others. SQL injection is a hacking technique, which modifies SQL queries in order to gain access to data in the database. Cross-site scripting attacks allow a hacker to execute a malicious script on your visitor’s browser.

Detection of these vulnerabilities requires a sophisticated detection engine. Paramount to web vulnerability scanning is not the number of attacks that a scanner can detect, but the complexity and thoroughness with the scanner launches SQL injection, Cross Site scripting and other attacks. Acunetix has a state of the art vulnerability detection engine that uses AcuSensor Technology. This is a unique security technology that quickly finds vulnerabilities with a low number of false positives, indicates where the vulnerability is in the code and reports debug information. It also locates CRLF injection, Code execution, Directory Traversal, File inclusion, Authentication vulnerabilities and others.

Nessus: iBeta uses Tenable Nessus to perform network level security penetration testing. Nessus employs over 40,000 plugins to test for network level vulnerabilities. Typically, Tenable produces plugins for vulnerabilities within 24 hours of its public release. iBeta produces an Executive level summary and a Detailed Report for any vulnerabilities discovered. The Detailed Report has instructions or links to help your IT personnel to correct the problem.

Nessus and Acunetix scans are complementary: iBeta believes that the best way to view the two website security tools is that Nessus tests for vulnerabilities from a website that might consist of entirely static content. That is, the website consists of a server that responds to web browser requests with files containing little or no active content. Acunetix, on the other hand, tests for vulnerabilities in the active nature of a website or web application. Those types of websites accept user input and transform the user input into new content. In doing so, these sites are active and very often have interfaces to a database, other servers etc. Acunetix tests such websites for vulnerabilities such as the cross-site scripting family and SQL injection family of exploits.

Burp Suite: Burp Suite is an integrated platform for attacking web applications. It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All of the tools share the same framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, and alerting. While black-box testing tools can be of great assistance in uncovering major security vulnerabilities, it is important to understand that no tool can identify all vulnerabilities. Additionally, since these tools lack insight into the context of the application, false positives can be produced. The output of this tool should not be considered a comprehensive security assessment of your application; rather it should complement a thorough manual review.

Wireshark: Wireshark is a network eavesdropping tool which iBeta uses in conjunction with Nessus scans to verify the IP address(es) for a Nessus scan. iBeta also uses the tool to analyze typical unit operations performed over a network to check for vulnerabilities such as session-hijacking or the transmission of content in an insecure manner.