
Web Application Security

In recent years, the threat landscape has expanded to include the application layer. As web applications are used to drive key business processes (point-of-sale retail systems, online banking, ERP, etc.), critical personal and corporate data is at risk like never before. Looking ahead at the adoption of Web 2.0, with enhanced usability for open information sharing and collaboration, the risks will only increase. As sensitive data is passed through these custom web applications, cyber criminals look for ways to intercept or otherwise compromise that data by exploiting vulnerabilities.

Best practices to secure critical web applications include pre-production code review, application penetration testing, web vulnerability scanning, as well as performing regular audits to ensure the security status has not changed. Another key practice is to secure the surrounding infrastructure of that web application, including the underlying operating system, open ports and services, as well as other applications and databases the web application interacts with. Managing the resulting attack vectors is just as critical as securing the application itself. In managing both pre-production and ongoing web application security through an integrated Security, Risk and Compliance Management solution, FusionVM delivers the following benefits:

Complete Web Application Security Scanning –

All discovered web servers are crawled and indexed, detailing a list of hierarchical URL links in the Website. Web application security checks are performed separately for each URL (web page) to provide website-wide coverage.

Comprehensive Security and Compliance for Entire Web Infrastructure –

As an enterprise Security, Risk and Compliance Management solution, FusionVM not only assesses vulnerabilities in the web application but also in the surrounding production environment, enabling an operationalized process for vulnerability mitigation and configuration policy compliance.

Leverages FusionVM's appliance-based architecture –

Provides customers with continuous IT security risk and compliance management in a scalable, deployable solution.

Web Design Assurance –

FusionVM's complete approach evaluates code quality by validating inputs, assessing password security and testing session handling.



Example FusionVM Web Vulnerability Checks

SQL Injection Vulnerabilities

SQL injection vulnerabilities occur when a poorly written program uses user-provided data in a database query without first validating the input. This is most often found within web pages with dynamic content. By testing for SQL injection vulnerabilities, FusionVM assures that required authorization is in place to prevent these exploits from occurring.
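As an added illustration of the flaw this check looks for (example code written for this page, not FusionVM's own), the snippet below contrasts a lookup that splices user input into the SQL text with a parameterized version; the in-memory table and the hypothetical lookup functions are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example (not from the original page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "ob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Hypothetical flawed lookup: the caller's input becomes part of the
    # SQL statement itself, so any quote in it changes the query's meaning.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the driver passes `name` as a value, never as
    # SQL text, so quotes inside it are just characters in the string.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    # Run both lookups on the same input; the vulnerable one may raise a
    # database error, which is reported as a string instead of rows.
    conn = make_db()
    try:
        vuln = lookup_vulnerable(conn, name)
    except sqlite3.Error as exc:
        vuln = "error: %s" % exc
    safe = lookup_safe(conn, name)
    conn.close()
    return vuln, safe


if __name__ == "__main__":
    for candidate in ("alice", "o'brien", "' OR '1'='1"):
        print(repr(candidate), "->", compare(candidate))
```

A legitimate name containing an apostrophe breaks the string-built query outright, and a crafted value widens its WHERE clause to every row, while the parameterized form returns exactly the matching row or nothing.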

Cross-Site Scripting (XSS) Vulnerabilities

Cross-Site Scripting vulnerabilities allow malicious users to inject code into the web pages viewed by other users. Examples of such code include HTML and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. FusionVM tests for numerous varieties of persistent and non-persistent Cross-Site Scripting vulnerabilities to ensure the web application is not susceptible to this threat.

Web Application Security Infrastructure

FusionVM's holistic approach not only provides web application specific vulnerability checks, but also includes thousands of checks for the surrounding applications, underlying operating systems and devices.

Web Page Errors

FusionVM can be leveraged during pre-production implementation to ensure design flaws have not been introduced, such as password submissions via insecure input fields.