Secure Web Development & Core Web Security

OWASP + Custom Web Assessment

OWASP + Custom web assessment is the process of applying proven frameworks to analyse existing web applications. Custom web assessments are important because each entity needs to be assessed on its particular needs. Examples are:

  • Financial services may need to have their suppliers assessed
  • Sensitive data transmitted to data repositories
  • Encrypted transmissions
  • Sensitive data storage

The list can be exhaustive; however, the OWASP framework is a proven standard to baseline all reports.

Secure Web Development

Secure web development is a particular way of developing software from the ground up. Some of the items we work with are:

  • Supply chain weaknesses
  • 3rd party software security assessments
  • Cloud security recommendations
  • Framework security recommendations

The above are methods to start the process; we also pen-test the software developed.

Website Pen-testing Report

Website Pen-testing Report is the process of stress testing your website and all enterprise-linked assets.

Web pen-testing can be applied to public-facing and non-public-facing websites. Non-public-facing websites can be found through reconnaissance scans via interlinked assets, or force scanned (bypassing the robots.txt file or no-crawl files).

See https://delcorpdata.com.au/penetration-testing/ for more information.  

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a proven technology which encrypts data in transit. SSL is mandatory in Payment Card Industry (PCI) compliance and good practice for any sensitive information.

SSL is applied at the server's end, and all data which the website transmits should be secured.

SSL certificates can be applied over one, two and three years.

 
