Web application security analysis
Are your web applications and services safe?
elaborates a mitigation plan to stop vulnerabilities,
provides concrete services to solve your security problems
Pluribus One web security services use an incremental approach that simulates an "attacker" with increasing levels of skill, tools, time, money and information, as shown in the next figure, in accordance with the NIST 800-30 standard and the OWASP Security Verification Standard.


Probability to exploit vulnerabilities: NOT RARE

Probability to exploit vulnerabilities: LOW
Why are the attacker's level and the probability of exploiting vulnerabilities inversely proportional to each other?
Our solutions
Pluribus One offers 3 different levels of services for web application security analysis: Basic, Intermediate, Advanced. The analysis activity involves the emulation of one or more attacker levels, starting from the Basic level.
Evaluations and services are intended as incremental: the Intermediate level services include those provided in the Basic level; Advanced level services include those provided for the two previous levels.
Basic
- Security analysis BASIC level
- Risk mitigation plan BASIC level (optional)
- Mitigation services BASIC level (optional)
According to OWASP standards, this level of analysis is recommended for applications and web services with a low criticality level (applications that do not manage sensitive data).
The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.

The customer can request a concrete mitigation plan to address the vulnerabilities found.

For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools. The total cost of the services depends on the interventions foreseen in the mitigation plan.
Intermediate
- Security analysis INTERMEDIATE level
- Risk mitigation plan INTERMEDIATE level
- Mitigation services INTERMEDIATE level
According to OWASP standards, this level of analysis is recommended for applications that manage sensitive data and require the necessary protection. It is the recommended level for most applications on the web.
Intermediate level solutions include those provided in the Basic level.
The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.
The Intermediate level of analysis covers two categories: standard Content Management System (CMS) or custom application. Currently, the most widely used CMSs are Drupal, WordPress, and Joomla. Given the widespread use of these platforms, it is possible to find public information regarding the security issues that may affect this kind of application.
Conversely, for a custom application, analyzing the service and identifying vulnerabilities requires manual verification by the operator and therefore much more effort than for a conventional CMS.
The customer can request a concrete mitigation plan to address the vulnerabilities found.
As described for the analysis phase, the preparation of the Intermediate mitigation plan strongly depends on the type of web application: the mitigation plan (and its related effort) changes depending on whether the service to be analyzed is provided through a standard Content Management System (CMS) or through a custom application.

For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools. The total cost of the services depends on the interventions foreseen in the mitigation plan.
As described for the previous phases, the Intermediate mitigation services strongly depend on the type of web application: the mitigation service (and its related effort) changes depending on whether the service to be analyzed is provided through a standard Content Management System (CMS) or through a custom application.
Advanced
- Security analysis ADVANCED level
- Risk mitigation plan ADVANCED level
- Mitigation services ADVANCED level
According to OWASP standards, this level of analysis is recommended for critical applications and web services: applications that perform transactions of high economic value or contain sensitive medical data. It is the recommended level for applications that require very high levels of trust between the provider of the web service and the customer.
Advanced level solutions include those provided in the Essential and Intermediate levels.
The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.
A custom quote is required for this activity.

The customer can request a concrete mitigation plan to address the vulnerabilities found.
A custom quote is required for this activity.

For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools. The total cost of the services depends on the interventions foreseen in the mitigation plan.
A custom quote is required for this activity.
Pluribus One evaluates with you the analysis level that best suits your needs.