Web Application Assessment Services
The global adoption of Internet applications and Web 2.0 as a method of streamlining business communications has made them a popular target for attack. Web vulnerabilities pose a serious challenge and have resulted in theft of credit cards, financial loss, and damage to the organization's reputation and image. In addition, these threats can also compromise browsers and Web sites, which puts customers, prospects, and business partners at risk as well.
SAINT’s Web application security assessment service identifies such vulnerabilities and then provides remediation to eliminate the risk of being attacked. Because Web applications change frequently and new vulnerabilities are discovered on a daily basis, it is important to continuously assess these threats and weaknesses in order to mitigate the risk of becoming the victim of a Web attack.
SAINT's Web application assessment deliverable provides step-by-step remedies for each vulnerability, benefiting security engineers, compliance auditors, Web administrators, and developers.
SAINT provides thousands of checks for Web application vulnerabilities and includes testing for all items related to PCI Requirement 6.5.x and OWASP Top 10 listed below:
| PCI Requirement | OWASP Top Ten | Testing Requirement |
|---|---|---|
| 6.5.1 | A2-2010 | Cross Site Scripting (XSS) |
| 6.5.2 | A1-2010 | Injection (SQL, LDAP, and XPath flaws) |
| 6.5.3 | A3-2007 | Malicious File Execution |
| 6.5.4 | A4-2010 | Insecure direct object references |
| 6.5.5 | A5-2010 | Cross-site request forgery (CSRF) |
| 6.5.6 | A6-2007 | Information leakage and improper error handling |
| 6.5.7 | A3-2010 | Broken authentication and session management |
| 6.5.8 | A9-2010 | Insecure cryptographic storage |
| 6.5.9 | A10-2010 | Insecure communications/transport layer protection |
| 6.5.10 | A7-2007 | Failure to restrict URL access |
| N/A | A6-2010 | Security misconfiguration |
| N/A | A8-2010 | Unvalidated redirects and forwards |
