Web Application Scanning

Next generation external application testing can safeguard your website from potential threats.

commissum is delighted to offer next-generation web application vulnerability scanning as a blended managed service, incorporating an automated vulnerability assessment with manual review by experienced consultants to offer unprecedented accuracy and comprehensiveness.

While not as detailed as a full-blown web application test, the blended assessment offers an extremely cost-effective way to assess a large number of web-facing applications. In an ideal world, this is used to prioritise those applications requiring a full application security review and, when run on a regular basis, typically offers an equivalent level of assurance for applications as our Monthly Vulnerability Assessment does for infrastructure.

commissum’s Monthly Application Scan quickly scans and analyses large complex web sites and applications. It also identifies application vulnerabilities and site exposure risk, ranks threat priorities, produces highly graphical and intuitive reports, and indicates site security status according to vulnerabilities and threat exposure.

For each assignment, consultants determine the best way to evaluate an application for vulnerabilities such as input validation, poor coding practices, weak configuration management, etc. They also configure the scanning engine to deliver the best possible set of results. After carrying out context-sensitive vulnerability checking, commissum consultants review the results, looking for false positives and false negatives, to offer a complete and cost-effective assessment with outstanding accuracy.

In addition to assessing application vulnerabilities, commissum’s Monthly Application Scan performs advanced analysis on your site's structure, content and configuration in order to identify inherent exposure to future or emerging threats. This can be critical in determining future security requirements and site architecture planning to mitigate future threats.

A key feature of the reports is the ability to replay the attack using a "show me" button. This helps to educate developers to avoid coding such issues in the future. In this sense it complements our code review service, by helping to prevent developers from writing vulnerabilities into future code, as part of the Security Development Lifecycle.

• Outsourced CISO
• Interim Security Management
• Unified Governance
• Business Continuity Management
• ISO 27001 Audit
• Information Security Policy
• Managed Services
  • Managed Network Vulnerability Assessment
  • PCI ASV
  • Monthly Web Application Scanning
  • Blended Code Review