The methodology we follow focuses on the manual analysis of the most critical modules involving user interactions, and then on the automatic analysis of the entire codebase. We also assess the ease of maintenance, the readability and the quality of the code.
The following aspects are taken into account.
It is of utmost importance to eliminate the possibility of any code injection, which an attacker could use to alter the normal flow of command execution and access restricted data or the underlying system. As such, an application must (amongst other things):
Amongst the various controls we perform to ensure the quality of the partitioning of user authentication and sessions within the audited application, one can find:
Applications often use resource identifiers within the generated web pages. If no access control is performed when a resource is requested, an insecure direct object reference issue can arise. Algosecure will prevent such attacks:
An attacker can try to use default accounts, access unused pages, exploit unpatched vulnerabilities, reach files and folders available without any prior authentication step, or read unencrypted information.
It is therefore paramount to ensure the quality of the security configuration and an adequate setup that protects the data and resources exposed on the network.
General hardening rules:
Sensitive data (such as Personally Identifiable Information (PII), passwords, payroll, etc.) must be encrypted prior to being stored. Algosecure will assess the strength of the encryption algorithm, and will check that:
Specialists in information security and pentest in Lyon, Paris, Saint-Etienne and throughout France