Web-based Application Security Assessment

Overview

Just as infrastructure controls are vital to the information security of any system, web-based applications must also be designed, developed and implemented with information security in mind. Mandalorian's Web-based Application Security Assessment provides the most effective means of identifying and qualifying web-based application threats.

Mandalorian's technical team follow standardised methodologies that are based on and exceed guidance from organisations such as OWASP. Mandalorian have consultants with 10 years of web-based application security testing experience, with extensive specialisms ranging from Perl CGI scripts to frameworks using .NET, PHP and Java, as well as specific expertise in cutting-edge frameworks such as Django, Ruby on Rails, and TurboGears.

The deliverables are written in a remediation-focused manner, with issues tied back to development patterns and sample reference code provided where possible. All technical issues are qualified in a standardised manner and findings are benchmarked against relevant regulations and governance requirements.

Why Test Web-based Applications?

Web-based applications provide a common interface between users and data. This data is often mission critical or subject to regulatory control. Whilst best efforts are made in application development, it is surprisingly common to find application layer security weaknesses, especially where tight release deadlines are involved. Mandalorian's web-based application security testing offering provides an assessment focused on remediation, developers and project managers that helps projects identify, qualify and mitigate security vulnerabilities at various stages of the Software Development Life Cycle (SDLC).

In some instances, application security testing is mandated by regulations or end-user contractual obligations. In such cases, a Mandalorian web-based application security test can provide the independent assurance required to demonstrate that suitable application layer security controls are in place.

Benefits

Because Mandalorian's services are mitigation-focused, a Mandalorian web-based application security assessment maximises end-user value. Web-based application security tests from Mandalorian provide a snapshot-in-time view of a given application's security, but also provide sufficient detail to resolve and address application-layer issues. Other benefits of web-based application security testing include:

  1. Identify and address application threats before go-live.
  2. Demonstrate compliance with standards and regulations.
  3. Transfer skills and improve security awareness among developers.
  4. Develop a structured action plan with measured goals and timescales.

Mandalorian also provide follow-on support to assist in resolving security issues identified during testing.

Deliverables

The primary deliverable for a web-based application security test is a detailed report containing an executive summary section written in Business English and a technical section developed with a remediation focus in mind. Reports are tailored to client requirements and threats are qualified according to documented rating mechanisms. This ensures that each finding's threat ratings are thought out and well-defined.

Application security test reports are designed with developers, project managers and security managers in mind. The goal of the deliverable is to provide solutions as well as highlight problems and to assist project and security managers in creating action plans to address the issues presented.

Mandalorian can provide ongoing post-test support and assistance for developers and project managers, as well as workshops, training and knowledge transfer. Mandalorian consultants have over 10 years of experience in the application security testing field.

Further Information

To discuss your application security requirement with a Mandalorian advisor, please fill in the form below.
