Web Application Security Services

Black Box and White Box Analysis

About Service

Research by the experts at Positive Technologies shows that up to 90% of web applications contain medium- to high-risk security flaws. In fact, the same research found vulnerabilities of some kind in every single application tested. That’s hardly surprising when you consider that—unlike the operating systems, databases, and application software typically used on corporate networks—web applications are often created in-house by companies with little to no experience in developing commercial software. All too often, developers consider security only as an afterthought or not at all.

Even worse, vulnerabilities in web apps are typically much easier to locate and exploit. So it’s little wonder that websites are now the entry point of choice for hackers and cyberthieves. Mistakes or omissions made in the course of developing and deploying applications can enable attackers to copy or modify information in corporate databases, carry out fraud ("phishing" and "pharming"), penetrate a company’s internal network, and much more.

At Positive Technologies, our experts are actively involved in identifying the world’s most critical web application security flaws through ongoing hands-on research and contributions to security projects such as the OWASP Top 10, the Web Application Security Consortium Threat Classification, and the Common Vulnerability Scoring System (CVSS).

Positive Technologies Web Application Security Tests involve detailed analysis of an application’s design, networking, operating system settings, external data sources, data warehousing, authorization mechanisms, and authentication components. We can perform an analysis from the perspective of an outside intruder ("black box") and by analyzing the source code itself ("white box"). And if you've already fallen victim to a web attack, or have detected any anomalies in your applications, we can provide incident response services to verify the problem. In all cases, our experts will provide detailed recommendations for fixing the flaws they find.

An assessment typically follows these steps:

  • Determine the analysis method (black box, white box, or a combination of both)
  • Conduct automated and manual audits and inspections for individual types of vulnerabilities
  • Analyze the characteristics of identified vulnerabilities (for example: complexity of use, availability, methods of operation, and potential damage in the event of an attack)
  • Create scenarios that could be used by an actual attacker, and build and execute simulated attacks
  • Attempt to exploit the most critical vulnerabilities through a series of coordinated attacks
  • Review logs from the web application to verify whether a suspected incident has occurred and, if so, identify the specific vulnerabilities that were exploited
  • Assess outcomes and present recommendations to address identified weaknesses

Results

The key deliverable from our testing is a report, which details:

  • Test methodology
  • Explanations for all identified vulnerabilities
  • Likely success/impact of hacker exploitation of the most critical vulnerabilities identified
  • Recommendations to mitigate the identified vulnerabilities, including those which may have already led to a confirmed incident

Positive Technologies may also provide sample application code to illustrate how the detected vulnerabilities could be eliminated, as well as guidance on web application firewall security policies and features.

Positive Technologies
Copyright © 2002—2023 Positive Technologies. All Rights Reserved.