Code review and hands-on testing
The infrastructure consists of several standard components such as routers, firewalls, web-, proxy-, application- and database servers. In an assessment targeted at the security level of the infrastructure, the approach is to determine the patch-level and configuration of standard components present within the infrastructure. This is achieved with an infrastructure assessment.
Besides infrastructure, business applications form a crucial component between the outside world and the (valuable) information of an organisation. Applications are used by customers, suppliers and/or employees to access information. These applications may contain vulnerabilities that can be exploited by cybercriminals when staging an attack.
An application assessment focuses on security-related implementation and/or design-issues associated with a specific application(s). The assessment is carried out in accordance with the (international) guidelines of the Open Web Application Security Platform (OWASP) and the Web Application Security Consortium (WASC). Qbit test test applications based on the Application Security Verification Standard (ASVS).
Application assessment, consists of two modules:
- Hands-on testing
Most of the assessments Qbit carries out are aimed at the security of (business) applications. Think of internet banking, ticket ordering, patient portals or contracting insurance contracts over the internet. Qbit will test the application thoroughly for security flaws. Partly automated but mainly hands-on. Our ethical hackers will try to enter anything into the application during hands-on testing. They search as a real Sherlock through the source code for security flaws during a so-called code review.