Web application security analysis

Vulnerability assessment services

Are your web applications and services safe?

Web applications, being often exposed on the public Internet, are continuously subject to scans and attack attempts. A number of highly automated tools and services is in fact available; this allows even less experienced hostile users to identify trivial bugs and vulnerabilities in the applications and eventually to exploit them. When this happens, the application and the data it manages are put at high risk, since the barrier to overcome in order to compromise the application is very low.
Pluribus One:

evaluates the vulnerability of your business,

draws up a mitigation plan to close the vulnerabilities,

provides concrete services to solve your security problems.


Pluribus One web security services use an incremental approach that involves the simulation of an "attacker" with increasing levels of skills, tools, time, money and information, as shown in the next figure, in accordance with the NIST 800-30 standard and the OWASP Security Verification Standard.
Figure: attacker levels and probability of exploiting vulnerabilities.
BASIC attacker: no specific hacking skills. Probability of exploiting vulnerabilities: HIGH
INTERMEDIATE attacker: uncommon hacking skills. Probability of exploiting vulnerabilities: NOT RARE
ADVANCED attacker: rare hacking skills. Probability of exploiting vulnerabilities: LOW

Why are the attacker's level and the probability of exploiting vulnerabilities inversely proportional to each other?
A little follow-up

Vulnerabilities that a Basic attacker can exploit require no particular skill, so the pool of attackers able to exploit them is the largest and the probability of exploitation is the highest; vulnerabilities that require Advanced skills can be exploited only by few attackers, so the probability is the lowest.

Attacker level: BASIC. Probability: HIGH
Attacker level: INTERMEDIATE. Probability: NOT RARE
Attacker level: ADVANCED. Probability: LOW


Our solutions

Pluribus One offers 3 different levels of services for web application security analysis: Basic, Intermediate, Advanced. The analysis activity involves the emulation of one or more attacker levels, starting from the Basic level.

Evaluations and services are intended as incremental: the Intermediate level services include those provided in the Basic level; Advanced level services include those provided for the two previous levels.

Basic


According to OWASP standards, this level of analysis is recommended for applications and web services with low criticality (applications that do not manage sensitive data).

The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.



The customer can request a concrete mitigation plan to address the vulnerabilities found.


For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools.
The total cost of the services depends on the interventions planned in the mitigation plan.


Intermediate


According to OWASP standards, this level of analysis is recommended for applications that manage sensitive data and therefore require adequate protection. It is the recommended level for most applications on the web.

Intermediate level solutions include those provided in the Basic level.

The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.

The Intermediate level of analysis includes two categories: standard Content Management System (CMS) or custom application. Currently, the most widely used CMSs are Drupal, WordPress, and Joomla. Given the widespread use of these platforms, public information is available regarding the security issues that may affect these applications.

Conversely, in the case of a custom application, the analysis of the service and the identification of vulnerabilities require manual verification by the operator and therefore much more effort than for a conventional CMS.



The customer can request a concrete mitigation plan to address the vulnerabilities found.
As noted in the description of the analysis phase, the preparation of the Intermediate mitigation plan strongly depends on the type of web application: the mitigation plan (and its related effort) changes depending on whether the service to be analyzed is provided through a standard Content Management System (CMS) or through a custom application.


For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools. The total cost of the services depends on the interventions planned in the mitigation plan.

As noted in the description of the previous phases, the Intermediate mitigation services strongly depend on the type of web application: the mitigation service (and its related effort) changes depending on whether the service to be analyzed is provided through a standard Content Management System (CMS) or through a custom application.

Advanced


According to OWASP standards, this level of analysis is recommended for critical applications and web services: applications that perform transactions of high economic value or contain sensitive medical data. It is the recommended level for applications that require very high levels of trust between the provider of the web service and the customer.

Advanced level solutions include those provided in the Essential and Intermediate levels.

The analysis activity provides the customer with a technical report with a complete description of the vulnerabilities found, the related impact and the consequent level of associated risks.
A custom quote is required for this activity.



The customer can request a concrete mitigation plan to address the vulnerabilities found.
A custom quote is required for this activity.


For each mitigation measure Pluribus One can also provide, directly or through its partners, mitigation services and tools. The total cost of the services depends on the interventions planned in the mitigation plan.
A custom quote is required for this activity.


Pluribus One evaluates with you the analysis level that best suits your needs.
Contact us through the contact form to obtain a customized quote.

Our staff will contact you as soon as possible.



Info

Pluribus One S.r.l.

Via Bellini 9, 09128, Cagliari (CA)

info[at]pluribus-one.it

PEC: pluribus-one[at]pec.pluribus-one.it


Legal entity

Share capital: € 10008

VAT no.: 03621820921

R.E.A.: Cagliari 285352



University of Cagliari

Pluribus One is a spin-off of the Department of Electrical and Electronic Engineering, University of Cagliari, Italy.


© 2020 Pluribus One s.r.l. All Rights Reserved.
