Web Server Tests
The number of UK businesses transacting online is at an all-time high. Whether it is online retailers selling
direct to consumers, or businesses providing extranet-type services to their trading partners, there is a growing
trend to bring more and more functionality to the Internet browser. Many of these transactions are delivered over
secure HTTPS connection streams. Although this brings more security to the end user, it does mean that a malicious
user can send encrypted traffic to the web server that cannot be seen by many traditional security controls.
Web Server Tests are designed to assess all types of web server, ranging from static brochureware websites to
all-encompassing transactional e-commerce environments. Nettitude focuses on looking at the application logic that has
been built into the website, and pays particular attention to any aspect of the environment that allows a user to
enter input.
Web Server Tests will assess an environment for server-side attacks such as SQL injection and blind SQL injection.
In addition, tests will assess an environment for client-side attacks, such as cross-site scripting exposures, which
could allow an attacker to manipulate the clients that access your infrastructure. Nettitude will assess the design
of a web infrastructure, including the use of cookies and logon forms, as well as the way in which data is encrypted,
the way in which content is displayed, and the error messages that are displayed when invalid pages, commands or input
are entered into the environment.
Nettitude uses a number of spidering techniques to capture information about the users, clients & suppliers that
access your web infrastructure. Through a blended approach to web assessment, our Consultants use this
information to see if we can traverse or bypass your authentication controls to gain deeper access into your web
server application infrastructure.
Nettitude can provide advice and guidance on how you can improve the security of your web application software.
In many instances, we can provide software development services to fix application logic or write input validation
controls to protect the environment from malicious Internet users.