Web Security



SQL injection is a type of web application security vulnerability in which an attacker attempts to use application code to access or corrupt database content. If successful, this allows the attacker to create, read, update, alter or delete data stored in the back-end database. SQL injection is one of the most prevalent types of web application security vulnerabilities.


Cross-site scripting (XSS) targets an application's users by injecting code, usually a client-side script such as JavaScript, into a web application's output. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the attacker. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, de-face websites or redirect the user to malicious sites.


Broken authentication and session management encompass several security issues, all of them relating to maintaining the identity of a user. If authentication credentials and session identifiers are not protected at all times, an attacker is able to hijack an active session and assume the identity of a user.


Insecure direct object reference is when a web application exposes a reference to an internal implementation object. Internal implementation objects include files, database records, directories and database keys. When an application exposes a reference to one of these objects in an URL, hackers can manipulate it to gain access to a user's personal data.


Security misconfiguration encompasses several types of vulnerabilities, all centered on a lack of maintenance or a lack of attention to the web application configuration. A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server and platform. Security misconfiguration provides hackers with access to private data or features and can result in a complete system compromise.


Cross-Site Request Forgery (CSRF) is a malicious attack where a user is tricked into performing an action he or she didn't intend. A third-party website will send a request to a web application that a user is already authenticated against e.g. their bank. The attacker then accessess the functionality via the victim's already authenticated browser. Targets include web applications like social media, in browser email clients, online banking and web interfaces for network devices.

Right time for right choice

The wise choice is to let us perform a thorough vulnerability scan before some evil-intentioned black-hat hackers do their own scan!

One web server testing time can take between 48 to 72 hours because we utilise several of our solutions for full testing. It can take longer, depending on the internet speed. External Web Services Vulnerability testing can performed remotely.

Other Security Services