
Application Vulnerability Assessment

commissum Managed Security services allow us to free up your resources and lighten your workload with our first-class range of management services. These include our outsourced CISO offering, managing your alignment to ISO27001, helping you to manage critical Business Continuity, and at a more technical level, regular managed testing of your network, applications, and blended code review.

Web Application Scanning

Next generation external application testing can safeguard your website from potential threats.

commissum is delighted to offer next-generation web application vulnerability scanning as a blended managed service, incorporating an automated vulnerability assessment with manual review by experienced consultants to offer unprecedented accuracy and comprehensiveness.

While not as detailed as a full-blown web application test, the blended assessment offers an extremely cost-effective way to assess a large number of web-facing applications. In an ideal world, this is used to prioritise those applications requiring a full application security review and, when run on a regular basis, typically offers an equivalent level of assurance for applications as our Monthly Vulnerability Assessment does for infrastructure.

commissum’s Monthly Application Scan quickly scans and analyses large complex web sites and applications. It also identifies application vulnerabilities and site exposure risk, ranks threat priorities, produces highly graphical and intuitive reports, and indicates site security status according to vulnerabilities and threat exposure.

For each assignment, consultants determine the best way to evaluate an application for vulnerabilities such as input validation, poor coding practices, weak configuration management, etc. They also configure the scanning engine to deliver the best possible set of results. After carrying out context-sensitive vulnerability checking, commissum consultants review the results, looking for false positives and false negatives, to offer a complete and cost-effective assessment with outstanding accuracy.

In addition to assessing application vulnerabilities, commissum’s Monthly Application Scan performs advanced analysis on your site's structure, content and configuration in order to identify inherent exposure to future or emerging threats. This can be critical in determining future security requirements and site architecture planning to mitigate future threats.

A key feature of the reports is the ability to replay the attack using a "show me" button. This helps to educate developers to avoid coding such issues in the future. In this sense it complements our code review service, by helping to prevent developers from writing vulnerabilities into future code, as part of the Security Development Lifecycle.

Get in touch with one of our security consultants today

  • No obligation
  • Expert advice
  • Tailored solutions
"Above all I value the responsiveness and flexibility shown by commissum in responding to my requirements. Faced with short notice requests they have always rapidly responded, delivering on time with consistently excellent quality and clarity of reporting."

Sonya B, IT Security - UK Local Government

Latest News


Pirate Bay illegal file-sharing website falls victim to hacking attack

The Pirate Bay website was taken offline for more than twenty-four hours after a distributed denial-of-service (DDoS) attack on May 15-16. The illegal file-sharing website was the subject of a massive increase in traffic to its web servers, clearly organised by hackers unsympathetic to its aims of providing songs, films ...
Thu 17 May, 2012 // Briony

Android phones face new security threat from hacked websites

For the first time, Android mobile phones are now being targeted by cybercriminals whenever the user browses a compromised website. The websites have been hacked so that, merely by visiting the site, the user will unknowingly download a malicious app to the phone. Known as a “drive-by download”, this particular route ...
Fri 11 May, 2012 // Briony

NATO cyber defence exercise prefigures the shape of things to come

In March 2012, NATO carried out an innovative cyber-defence simulation exercise. The exercise featured experts from throughout the cyber-security industry. This particular exercise concentrated on communications systems. The headquarters of the exercise was based at CCDCOE (NATO’s Co-operative Cyber Defence Centre of Excellence), in Tallinn, Estonia. The participants were divided into ...
Mon 30 Apr, 2012 // Briony