ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

Application Reviews


Application Security Review and Testing

The objective of the ControlCase application test is to quantify the level of security exposure in your application environment. The application test is a security assessment of an application against specific application security criteria, such as those defined by the Open Web Application Security Project (OWASP). The assessment includes tool-based testing, but the majority of the work is done manually with a web browser or the application's designated client software.

Tool-Based Application Testing

As part of the application penetration testing, ControlCase will:

  • Run application testing tools (such as Acunetix) in multiple modes, in ascending intensity:
    • Platform only;
    • Unauthenticated, safe checks only;
    • Authenticated, full checks (with multiple user privilege levels);
  • Run a vulnerability testing tool to perform platform security testing;
  • Run port scanners, Nessus and any other applicable tools;
  • Manually verify every reported vulnerability for validity and impact;
  • Save all vulnerability results for future reference.

Manual Application Testing

As part of this phase of the application testing, ControlCase will:

  • Use a local web proxy to intercept and log all traffic:
    • Paros, WebProxy, Spike, Achilles, etc.;
  • Walk through the entire application, logging everything for later reference;
  • Test every URL, form field and cookie parameter;
  • Validate suspected security vulnerabilities by confirming them through application penetration testing.
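The manual phase above boils down to a loop: take each request the proxy logged, enumerate every place user input enters it (query string, form fields, cookies), and send a probe through each one. The script below is an added example of that loop, not ControlCase tooling or code from the page; the captured request, the host name shop.example and the target application (`fake_app`, a constructed, deliberately vulnerable stand-in with one reflected parameter and two unquoted SQL concatenations) are all assumptions so the script runs offline. Swap `fake_app` for a function that replays the request against the real target and the enumeration logic stays the same.

```python
"""Enumerate and probe every injection point in a captured request.

Added example, not ControlCase tooling. The target is a constructed,
deliberately vulnerable stand-in so the script runs offline.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample request, as a logging proxy would record it (hypothetical host).
CAPTURED = {
    "method": "POST",
    "url": "http://shop.example/search?q=shoes&page=1",
    "form": {"sort": "price", "size": "10"},
    "cookies": {"session": "abc123", "lang": "en"},
}

# Unique marker: if it comes back verbatim, the value is reflected without output encoding.
XSS_MARKER = "zqx<\"'>zqx"
# A lone quote: an SQL error in the response means the value was concatenated into a query.
SQL_PROBE = "'"
SQL_ERROR = re.compile(r"SQL syntax|SQLSTATE|ORA-\d{5}|unterminated quoted string", re.I)


def fake_app(method, url, form, cookies):
    """Constructed vulnerable stand-in for the system under test (not real software)."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    try:
        page = int(query.get("page", "1"))          # safe: parsed, never concatenated
    except ValueError:
        return 400, "bad page"
    if "'" in cookies.get("lang", "en"):             # bug: cookie built into SQL unquoted
        return 500, "You have an error in your SQL syntax"
    if "'" in form.get("sort", ""):                  # bug: form field built into SQL unquoted
        return 500, "SQLSTATE[42000]: Syntax error"
    # bug: q echoed into HTML without encoding
    return 200, f"<h1>Results for {query.get('q', '')}</h1><p>page {page}</p>"


@dataclass
class Finding:
    location: str   # query, form or cookie
    name: str
    issue: str


def injection_points(req):
    """Yield (location, name, mutate) for every parameter; mutate(value) returns a new request."""
    parts = urlsplit(req["url"])
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    for name in query:
        def mutate(value, name=name):
            q = {**query, name: value}
            return {**req, "url": urlunsplit(parts._replace(query=urlencode(q)))}
        yield "query", name, mutate
    for name in req["form"]:
        yield "form", name, lambda value, name=name: {**req, "form": {**req["form"], name: value}}
    for name in req["cookies"]:
        yield "cookie", name, lambda value, name=name: {**req, "cookies": {**req["cookies"], name: value}}


def probe(req, send=fake_app):
    """Send one XSS and one SQL probe per parameter and classify the responses."""
    findings = []
    for location, name, mutate in injection_points(req):
        _, body = send(**mutate(XSS_MARKER))
        if XSS_MARKER in body:
            findings.append(Finding(location, name, "reflected-xss"))
        status, body = send(**mutate(SQL_PROBE))
        if status >= 500 and SQL_ERROR.search(body):
            findings.append(Finding(location, name, "sql-error"))
    return findings


if __name__ == "__main__":
    for f in probe(CAPTURED):
        print(f"{f.location:6} {f.name:8} {f.issue}")
```

Two of the six parameters (`page` and `size`) produce no finding, which is the point of testing every parameter rather than the obvious ones: the reflected `q` and the unquoted `lang` cookie are only found because nothing was skipped. Each automated hit is still only a candidate until it is manually confirmed, as the verification step in the tool-based phase requires.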

ControlCase will also review the security of each of the following areas within the application:

  • Input validation (server side and client side): SQL Injection, Cross Site Scripting (XSS), HTML Injection, Overflows
  • Access Control: Privilege Escalation, Profile Hopping, Forceful Browsing
  • Password Policy: Password Strength, Password Resetting
  • Session Management: Session Variable Strength, Session Timeout, Cookie Variables
  • Security Configuration: Web/Application Server, Account Lockout
  • Authentication Mechanism
  • Encryption: SSL/TLS, Cipher Strength, Data Encryption
  • Error Messages: Verbose Errors, Error Generation, Debug Information
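Of the review areas listed, session management is the one most often judged by eye, so here is an added example (not ControlCase's method or code from the page) of what "session variable strength" and "cookie variables" can mean as concrete checks: an upper bound on token entropy from the observed alphabet and length, a test for sequential tokens, and a check of the Secure, HttpOnly and SameSite attributes on the Set-Cookie header. The token samples and headers are constructed for the example, and the 64-bit threshold is an assumption chosen to match common guidance, not a figure from the page.

```python
"""Session token strength and cookie attribute checks (added example)."""
import math
from http.cookies import SimpleCookie

# Constructed samples: four session IDs collected by logging in repeatedly, plus the
# Set-Cookie header that issued the last one. Not data from any real application.
WEAK_TOKENS = ["100045", "100046", "100047", "100048"]
WEAK_SET_COOKIE = "JSESSIONID=100048; Path=/"

STRONG_TOKENS = [
    "3f9a1c7e0b2d8465a1b2c3d4e5f60718",
    "c0ffee1234567890abcdef0123456789",
    "9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b",
    "0123456789abcdef0123456789abcdef",
]
STRONG_SET_COOKIE = (
    "session=0123456789abcdef0123456789abcdef; Path=/; Secure; HttpOnly; SameSite=Strict"
)


def token_bits(tokens):
    """Upper bound on entropy per token: shortest length * log2(observed alphabet).

    No generator can exceed this bound, so a low value is a finding by itself;
    a high value only says the token is not obviously weak.
    """
    alphabet = set("".join(tokens))
    shortest = min(len(t) for t in tokens)
    return shortest * math.log2(len(alphabet)) if len(alphabet) > 1 else 0.0


def looks_sequential(tokens):
    """True when consecutive tokens are decimal integers with a constant non-zero step."""
    if len(tokens) < 3 or not all(t.isdigit() for t in tokens):
        return False
    nums = [int(t) for t in tokens]
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(steps) == 1 and steps != {0}


def assess_session(tokens, set_cookie, min_bits=64):
    """Return a list of issue strings; an empty list means nothing to report."""
    issues = []
    bits = token_bits(tokens)
    if bits < min_bits:
        issues.append(f"token entropy upper bound {bits:.0f} bits (want >= {min_bits})")
    if looks_sequential(tokens):
        issues.append("tokens are sequential, so other users' sessions can be guessed")
    jar = SimpleCookie()
    jar.load(set_cookie)            # parses attributes; flags read back as "" when absent
    for name, morsel in jar.items():
        if not morsel["secure"]:
            issues.append(f"{name}: missing Secure, cookie can be sent over plain HTTP")
        if not morsel["httponly"]:
            issues.append(f"{name}: missing HttpOnly, readable by injected script")
        if not morsel["samesite"]:
            issues.append(f"{name}: missing SameSite, sent on cross-site requests")
    return issues


if __name__ == "__main__":
    for label, tokens, header in (("weak", WEAK_TOKENS, WEAK_SET_COOKIE),
                                  ("strong", STRONG_TOKENS, STRONG_SET_COOKIE)):
        print(label, assess_session(tokens, header) or ["no issues"])
```

The entropy figure is deliberately an upper bound: a 32-character hex token scores 128 bits even if the generator behind it is predictable, so a good score never closes the question, while a bad score (about 17 bits for the six-digit sequential sample) settles it. Session timeout, the third item in that review area, is checked by replaying a captured request after the stated idle period rather than by inspecting the token.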
© ControlCase LLC 2023