APPLICATION SECURITY CONSULTING

p01

Today bringing your business online is a must in an effective business development strategy. Thus more and more sensitive data is moving to the web which brings new application security and information confidentiality challenges.

The most secure web applications are those that are developed initially with security in mind. Aegaeon specialists follow a holistic approach to designing, building and supporting secure web applications. We address security issues on all application tiers (web server, application server and database). While developing secure web applications we analyze vulnerability categories and potential threats (external or internal) depending on application scenario and technologies used. This enables us to develop an effective security architecture and take proper countermeasures.

Vulnerabilities and Potential Threats Securing Practices and Countermeasures
Authentication - Network eavesdropping, Brute force attacks, Dictionary attacks, Cookie replays, Credentials theft
  1. Partition of public and restricted areas
  2. Account disablement policies
  3. Proper credentials verification and storage
  4. Proper password handling
  5. Authentication data protection
  6. Communication channels securing using SSL
Input Validation - Buffer overflow, cross-site scripting, SQL injection
  1. Thorough input validation
  2. Proper input filtration
  3. Centralized validation strategy
  4. Proper database access
Authorization - Privilege elevation, confidential information disclosure, data tampering
  1. Multiple gatekeepers
  2. Authorization granularity
  3. Role-based security
  4. Strong access controls
  5. System level protection