Web Vulnerability Assessment Q&A AN INGRAM MICRO EXPERT SERVICE
Ingram Micro Professional & Training Services enables our partners to effectively deliver value to their clients throughout the entire technology lifecycle. We offer opportunities for solution providers to evaluate, discover, deploy, service and support new solutions as part of your team or as an independent partner.
Q. What is a Web Application Vulnerability Assessment? A. Web application testing is an assessment involving scanning application source code against known exploitable vulnerabilities. The Web Application Vulnerability Assessment is a comprehensive test which scans application source code in an attempt to exploit any vulnerabilities uncovered. The client is provided recommendations for strengthening the source code to reduce the possibility of exploits by an attacker which could lead to a serious compromise of the environment.
Q. Why should a business test its web applications' source code? A. Businesses should include regular source code testing as a part of their SDLC (Software Development Lifecycle) in order to build and maintain reliable and secure software applications. Testing web applications is more critical than testing other software, since web applications are exposed to millions of users through the internet.
Q. When should a business test its web applications' source code? A. Most businesses today don’t test software until a security breach has occurred or an attack has been discovered. This is not the most effective practice and contributes to higher software development costs and security risks. Older deployed web code often has previously released components for which vulnerabilities have been discovered and corrected in later versions. The Web Application Vulnerability Assessment will uncover current security vulnerabilities, but we recommend testing regularly to improve application resilience, as well as each time a revision to the software is made.
Q. Does your assessment ensure web applications are more secure? A. The Web Application Vulnerability Assessment is a very comprehensive test of an application's source code and underlying software components against known vulnerabilities in the security industry. Architects have years of expertise and keep their security knowledge up to date to ensure they use the latest techniques during our assessments.
Q. Does your assessment make recommendations on how to “strengthen” the application source code? A. Yes. Our assessment will highlight possible vulnerabilities in a web application's source code and make specific remediation recommendations to strengthen the website. Our analysis includes comments that describe the root cause of the source code weakness in an effort to help educate the programmer to write more secure code.
Q. What types of Web Application tests do you run? A. We utilize various industry best practices to test for many vulnerabilities such as SQL injection, cross-site scripting, cross-site request forgery, buffer overflows, weak authentication and improper data sanitization, to name a few.
INGRAM MICRO PROFESSIONAL & TRAINING SERVICES (800) 456-8000, ext. 76094
[email protected] Learn more: www.ingrammicro.com/ptsplaybook Order services: www.ingrammicrolink.com
Q. Does your assessment provide a consultation to go over the details of the final deliverable, in plain English, that will help you understand the overall document? A. Yes. In order to ensure that the Reseller understands the results, identified risks and recommendations, our team will explain the Web Application Vulnerability Assessment details to you when the Final Report is delivered, and make sure you understand the high-level recommendations before meeting with your client. We can also participate on a call with your client should you desire.
Q. Does your assessment provide someone on-site? A. No. The Web Application Vulnerability Assessment does not require on-site work in order to conduct the assessment. The technical architect requires knowledge of the URL of the web application(s) to test, and some host and network background detail may be required before the project begins.
052015REVB