Web Services Security

Is your website leaking data, or vulnerable to defacement by an attacker?

Can an attacker obtain personal data, credit card numbers, or medical information from your back-end network, or use a compromised website to gain access deep into your network?

Have attackers compromised your website, and are they using it to attack your clients and partners?



Websites, and the applications run through such sites, are your organization's "public face" on the Internet. They are a critical part of your organization's business: customers, partners, and employees expect open access and high availability so that they can exchange data and conduct financial services. At the same time, hackers take advantage of the 24x7 availability to constantly probe your website with automated and manual attacks that originate from around the world.

The risks have increased in recent years due to the emergence of dynamic web applications, which allow businesses to quickly develop and deploy applications that can be accessed across the Internet. Because in-house and commercially developed applications emphasize speedy implementation over security, they frequently contain exploitable flaws.

Hackers are probing your website 24x7, looking for vulnerabilities in login pages, forms, dynamic content, and shopping carts to gain direct access to back-end databases. Exploited weaknesses can give an attacker an entrance to your internal network, putting all corporate data at risk. Attacks can also be focused against clients and others using the compromised website, damaging your corporate reputation and putting you at risk of liability.

DigitalDefence’s Web Service Security assessment uses experienced developers and security specialists to provide the following benefits:

  • Safeguard your corporate identity and protect confidential data that has been entrusted to you
  • Reduce or eliminate downtime of a valuable corporate resource
  • Ensure compliance with standards such as PCI DSS 6.6 (application code reviews) and 11.3.2 (application layer penetration tests)


Service Delivery

DigitalDefence's web services security assessment is based on internationally-endorsed standards and assesses the following items:

  • Policies, standards and procedures that relate to the web services operating environment
  • Analysis of the physical site containing the web server and the supporting components
  • Network and server architecture that directly support the web site, including the base operating system, all applications and middleware, and databases
  • Threat modeling, a structured process to identify and document possible security threats
  • Analysis of data leakage to the Internet and other connected networks
  • Website and associated web-enabled applications to identify misconfigurations and vulnerabilities
  • Functional review of any e-commerce or transactional applications
  • Static source code, if required
  • Review of backup, storage, and recovery procedures to ensure survivability of the site should a compromise occur

DigitalDefence also provides training in auditing websites and web services, as well as developer-focused training.

Datasheet – Web Services Security [149 kb]