Vanguard Brand Protection Managed Services
Today's online web applications provide an open door for both internal and external hackers to attempt to use your applications to perform unauthorised or fraudulent transactions, steal confidential customer and corporate information and perform denial of service attacks.
There are many ways that a hacker will try to hack your web applications, and the better known your corporate brand, the greater the incentive for hackers to try to succeed. The threat to your corporate brand can be significant if you are hacked and this becomes known to your current and potential customers.
So how successful are companies in protecting themselves from hackers? Here are some key facts:
- 70% of web attacks happen at the application layer (source Gartner 2003)
- 75% of UK companies had at least one security incident in the last year (source DTI Security Survey 2004)
- The average large company lost between £50,000 and £500,000 per incident in direct and incidental costs (source DTI Security Survey 2004)
- The results of more than 300 Web Application Tests carried out over the last 24 months showed that 97% of sites had serious security flaws
Is Network Penetration Testing enough to protect your Web Applications?
According to a recent Gartner report on security issues, 70% of all hacking attacks now occur at the application level. Recent interest and developments in security and hardening of the Network Layer have made it increasingly difficult for hackers to penetrate at the network layer. Firewall Systems, SSL Encryption, IDS Systems, Strong Authentication and other implementations have made it so hard for hackers that other routes have become attack routes of choice.
Web-based applications, as part of e-Commerce and e-Business, actively encourage the Internet community to become customers. This is the reason for their existence, after all. Once registered as a customer, a hacker using the application has instant access to the heart of the web site. Firewalls must be configured to allow web traffic or customers cannot access the applications. SSL encryption merely guards the transport layer, effectively encrypting attacks and making them harder to track. IDS systems are targeted purely at the network layer. Why try to break Strong Authentication when it is easy to become a customer with a valid user name and password?
Web-based applications have fundamentally changed the risks associated with traditional client-server applications, as hackers can now see all the parameters passed to server-side code, enabling them to bypass client-side validations.
This can result in hackers obtaining full control and access to information, modifying the content of the pages, hijacking transactions leading to privacy breaches and e-shoplifting, or even deleting the site or making it totally unavailable.
Why use the Vanguard Brand Protection Managed Services?
The response from businesses to security problems has been to turn to Ethical Manual Hacking combined with Penetration Testing. Whilst this has provided some assistance, the size and complexity of most applications make it impossible to cover more than a few of the possible avenues. The costs involved in this consultancy-based approach are extremely high, and it also requires several weeks of advance notice to conduct.
Vanguard Brand Protection can be booked with 24 hours' notice on the subscription service or 72 hours' notice as a one-off test.
The service covers ALL the possible application based security problems. No capital expenditure is required and no purchase of software is needed.
The Vanguard Brand Protection Managed Services analyses the web application under test and automatically generates a huge volume of test cases, sometimes over 200,000 for large applications, and then fires these test cases at the web application, simulating the approach used by hackers. On completion of these tests, extensive reports are produced. Furthermore, test cases and test results can be stored and used for regression testing, which is useful for re-testing after further software development.
How does the Vanguard Brand Protection Managed Services work?
The Vanguard Brand Protection Testing Service is divided into four stages:

- Crawl: Vanguard Brand Protection dynamically crawls a site to learn the web application.
- Analysis: Using an expert search engine, tens of thousands of test cases of potential hacks are generated, based on the latest methodologies.
- Attack: Each test is fired at the application to determine the resilience of the application, and success and severity ratings are assigned.
- Reporting: Predefined reports with customised information are generated. These include test reports that can be fed into Defect Management Systems. Solutions and fixes are also supplied as part of the report.

| Features | Benefits | Business Impact |
| --- | --- | --- |
| Remote testing over the Internet | No need for expensive on-site IT security consultants. | Saves costs. Increased brand protection due to the ability to conduct regular web security testing. |
| Tests conducted through a VPN connection | Internal web applications can be tested. | Prevents the exposure of internal private servers and networks to the Internet. |
| Book tests on demand 24/7 | Meet urgent software release testing deadlines, with just 24 hours' notice, day or night. | Ensures that all software fixes and upgrades are security tested prior to release. Increased brand protection. |
| Subscription Services | Very low testing costs. | Very low subscription costs permit lifecycle testing of all web applications at a reasonable cost. Increased brand protection at lower costs. |
| Low Usage | Reasonably priced single and repeat tests without having to make any annual commitments. | Low-cost evaluation of the service, or where only low usage is required. |
| Test Template | Users can define the areas of an application they want tested and the types of tests to conduct. | Users can retain control of the test process without the need to be IT security experts. |
| Internet Web Application | Users book and control their testing requirements with zero software and hardware costs. | Saves costs and time, and is more responsive to demand. |
| Managed Service | Leaves all the actual testing to the Managed Service 24/7 control centre. | Saves on staffing, training and equipment costs. |

Vanguard Brand Protection Managed Service Deliverables:
- Web Application Testing delivered 24/7 on demand
- Subscription or On-Demand service as required
- User defined templates of areas of application to be tested
- User control of testing requirements with zero software and hardware costs
- User modification or creation of test templates at any time
- Significant test asset delivered to client for future use
- Detailed report with complete list of vulnerabilities and suggested remedial actions for each vulnerability