With the arrival of e-commerce, companies increasingly use the web to promote and sell their products and/or services. The Digital Security Department of P & P INVESTIGAZIONI S.r.l. therefore carries out prevention and security activities on all the web applications that companies are equipped with.
The intervention provides a scan and monitoring of all the sections present in the web applications, with particular attention to those protected by username and password which, if discovered, would permit access to the services offered through the HTTP or HTTPS protocol.
The intervention covers the following security areas:
- Scan of sensitive data sent through the application, exposed to the risk of interception by ill-intentioned persons, through examination of the HTML code, of the scripts, or of any information obtainable via possible debugging mechanisms;
- In-depth analysis of the interaction points between the application and the user, in order to identify possible gaps created by input inserted voluntarily or involuntarily;
- Authentication methods;
- Resolution of problems related to session handling, such as, for example, timeout, logout, hijacking, login from unconfirmed addresses, etc.;
- Validation and alterability of data;
- Injection of commands in unexpected places of the application which, for example through specific SQL strings, could lead to direct manipulation of the database, with the possibility of capturing, modifying, and deleting the data stored in it;
- Inappropriate or incorrect interaction with the operating system (shell escape).