
Web Applications

Web applications are often considered the “Achilles heel” of a network, as they typically must be openly accessible to a large number of people. Open access is often an essential system requirement, and it gives an attacker a short path to the organization’s crown jewels. These issues exist within both :

The scope and number of potential vulnerabilities increase daily as new weaknesses are found in the foundational technology the web application may be built on. Modifying this foundation could be quite expensive, technically difficult, or both. Thus, malicious actors will have a large set of potential vulnerabilities to exploit at their disposal.

These types of attacks carry a very low cost for the attacker, yet the potential fallout resulting from a major data breach could be extremely costly.

  • Credit card data for 360,000 of Citibank's customers was exfiltrated in June 2011 using a relatively simple manipulation of URLs, or web addresses.
    Wired, June 2011

How It Works

Web application testing is a comprehensive process that places KRYPTON in the role of an attacker against either web applications residing on the internal corporate network or an external website facing the internet.

There are a number of potential security issues that may be exposed during application testing that are dependent upon the makeup of the particular web application and its framework, including configuration errors, loopholes, and platform-specific vulnerabilities.

KRYPTON’s team will work with our client’s security and IT teams to identify these issues, prioritize them, and provide a comprehensive report so that they may be addressed in the most effective manner possible.

The output includes a pragmatic report that details implementable solutions in a manner that is both useful to the organization’s technical department and clearly understandable to the security and the management teams.