General idea
A web application audit is a service that lets you evaluate
the security of your web applications from the perspective of
both your clients and the company itself. The essence of this
work is an attempt to bypass the existing security model and
obtain administrative rights or any other level of access that
could help potential hackers compromise the system. During the
audit, real vulnerabilities are discovered that could be used
to attack your company. Such attacks aim to ruin the company's
corporate image, steal confidential data or even infiltrate
the company's intranet. The result of the service is a report
covering the discovered problems, the ways they can be
exploited and rational solutions for fixing them.
Service specification
A web application audit can be performed in a few different
ways. The first method is “Blackbox” testing. During an audit
based on this principle, “Critical Security” analysts
penetrate the web system without having any access to the
source code or the server: the actions and resources used to
discover vulnerabilities are equivalent to those used by
hackers to achieve harmful goals.
Another way of identifying vulnerabilities is analysis of the
web application's source code: “Critical Security” analysts
are given access to the application's source code. This helps
to find problems that lie “deep” (logical errors, backdoors
left by developers, etc.) and that might not be touched
during “Blackbox” testing. Hence this method is more
effective, although it consumes much more time and resources.
Code analysis is recommended if the maximum security level
needs to be reached.