It is only after a system has been breached and losses have been incurred that most companies realize the importance of web security. Soon afterwards, they go around looking for the best web security service providers without realizing that the most effective, and indeed the best approach, is one that is proactive and defensive.

Hackers are always on the lookout for vulnerable systems and if yours is one, sooner or later it will get attacked. While it is recommended to maintain full security at all times, here we list a few web security vulnerabilities and fixes so you can address them instantly.

Vulnerability-Injection flaws

This is one most common type of problems and results from the failure to filter un-trustworthy input. It happens when unfiltered data is passed to the SQL server, to the browser, to the LDAP server or someplace else. Hackers can inject commands to these entities the result of which is hijacked browsers and loss of valuable data

Solution- Fortunately the solution in this case is pretty straightforward; but has a few implications of its own. While you can simply filter out input data from un-trusted sources, you have to filter it all. In a system of let’s say 10,000 inputs, filtering 9,999 is not enough. Usually, your own framework’s filtering functions do the job just fine.

Vulnerability- Sensitive or valuable data exposure

Data, whether in transit or stored is always vulnerable and therefore must be properly encrypted at all time. Moreover, sensitive information like passwords, bank account or credit card numbers and more must be hashed. In any case the algorithm must be a strong one.

Solution- In the case of stored data, encryption or hashing is the key. Make sure all payments are made using secure payment processors and any unwanted sensitive data is shredded. For transit data, using secure connections-HTTPS- along with secure flags on cookies are the way to go.

Vulnerability- Web server and application mis-configuration

This includes very basic yet very common mistakes like using default passwords or unnecessary services on the machines, running obsolete and outdated softwares, application running with debug enabled protection, having directories that leak information and more.

Solution- Using any legitimate build and deploy script or process can help you tackle almost all of these issues. If it is automated, that’s even better.

These are just a few of the hundreds and thousands of vulnerabilities that pose a 24/7 threat to your systems and, in turn, the business.

If you are looking to make your systems more secure, you should contact us. We provide comprehensive web and mobile application security testing and IT solutions for all types of businesses at affordable prices.

According to a research by comScore, the number of mobile internet users outpaced desktop internet users in 2015. As smartphones become more powerful, user-friendly and fast, this trend will likely continue in the future. As a result businesses, big and small, have now started optimizing their offerings for a more mobile friendly experience with the development of exclusive applications and responsive designs.

Consequently, the demand for more secure mobile applications, payment procedure, credential protection and more has also increased. With this, a number of new developments are taking place and new trends are emerging. Here, we shed light on a few mobile security predictions for the year 2016.

Password theft or reuse attacks will decrease

Advancement is biometric technology, coupled with the fact that more new mobile phones have finger printing scanners as a standard feature, are going to play a major role in enhancing data protection and security. Furthermore, the development of advanced password management software and backup solutions has also made it easy to access password repository quickly and safely. As a result, password theft cases and reuse attacks have decreased and will further decline in the future.

Google will step in

According to a research by Alcatel-Lucent in 2014, 0.68% of all mobile devices were infected with malware of which 99% were running on Android; the most widely used mobile operating system in the world. Considering the growing insecurities and efforts to enhancing mobile security, Google has decided to step in. In the future, it is likely to address these issues by clamping down on third party application stores, restrict permission to applications that have not undergone the proper Google Play submission process, develop security standards for apps and more.

iOS will become the next target for hackers  

As the number of iPhone users in the market increases, malware author and hackers in the very close future will turn their attention towards iOS. According to experts, the previously discovered “XcodeGhost” malware in a number of App store applications was just the beginning of what will happen. The first wave of target for these attackers will be the already vulnerable jailbroken iOS devices.

Regulatory and compliance policies will encapsulate mobile devices

Data security compliance practices in the future will include mobile devices as well. While certain countries like Canada and Hong Kong have already taken initiatives, it won’t be long till other countries catch up. Again, this is important because of the ever increasing number of smartphone users, and the rising popularity of hybrid devices- laptop/tablet, phone/tablet.

The need for mobile application security testing services will increase

As security becomes an important concern, companies will outsource and utilize web and mobile application testing and security services in the future, more than ever before. There is no doubt that consumers are becoming more conscious about safety and security of their private data. Who knows, this might just become the decisive factor as to whether a potential customer chooses to use your application or that of your competitor’s.

If you are looking to proactively adapt to the changing trends by making your mobile application more secure, contact us now because it just so happens that we are specialists in doing that.

In simple terms, web application testing is when an online business hires a security assurance service provider such as Lean Security to analyse and test their web applications for potential viruses or cyber threats – either before or during its availability to the World Wide Web.

The task of securing a web application from outside attacks is given to a professional application testing service provider for effective results. The importance of running precise security analysis on your web application shouldn’t be taken lightly; it is during this stage that major issues pertaining to web application security and its operation come are brought to light.

Web Application Testing Checklist

Security experts recommend hiring a professional for this very important job for a reason. Not only will they be better equipped in terms of automated tools, software and skilled expertise; but a professional web application testing will ensure that nothing is left to chance. They will conduct;

Functionality Testing

This is usually done to check if the specifications you intended for your product are met. The functional requirements in the web applications as per the developmental documentation are also checked. The testing analysis is done on;

v  All links (outgoing, internal, anchor, MailTo) in the web-pages to check if working correctly, with no broken links in place.

v  Forms

v  Cookies

v  HTML & CSS

v  Business Workflow

Usability Testing

This has become a vital part of any web based project and application. This is because conducting usability testing on the web application will let you know how easy it is to navigate for users and the target audience. Usability testing can either be carried out by experts, DIY testers or a small focus group that’s similar to the web application’s intended users. With the help of usability testing, online store owners and business can test;

v  Whether the web application is easy to navigate or not

v  Whether the content is easy to read/understand or not

Security Testing

This is by far the most important function carried by web application testing service providers. Why? Security testing of a web application holds vital importance for e-commerce websites as these online stores carry sensitive customer information. Lean Security conducts the analysis of and suggests businesses to keep a look at whether;

v  Unauthorized access is being given to secure pages by the current system

v  Restricted files are being downloaded without the appropriate access and authentication

v  Check sessions are killed automatically after long inactivity by users

v  Websites are being re-directed to encrypted SSL pages on usage of SSL certificates

By having a safe and secure web application, you will only be doing your online business a favour. Customers will prefer the extensive and seamless secure applications that can only be provided by a professional hand. Sign up for our services today!

The internet has created unlimited opportunities for organizations and companies when it comes to conducting important business transactions and sharing information on a global scale. New levels of security concerns have been brought in the forefront. This is because of the evolving nature of data and information. The sensitive nature of information, critical business applications and client’s private information (financial and otherwise) has come to be in even more risk than before.

Web application security testing ( for mobile apps as well) is therefore an essential requisite for businesses in order to give their clients and customers the peace of mind that only a secure and risk free software can provide. The experts at Lean Security provide the following areas that shouldn’t be over-looked when testing web and mobile applications for vulnerabilities.

Authentication

This is the first entry point that comes when accessing any application - web or mobile based. For effective operation of the application, the authentication should be spot-on. The application should be able to verify incorrect or changed passwords, have the ability to ‘lock up’ if user enters the wrong password a number of times, verify the password rules which are to be implemented on all authentication pages (registration, forgot password, changed password), etc.

Encryption

The security experts at Lean Security state the importance of information (password, account number, credit card numbers) to be displayed in an encrypted format. The cookie information on the other hand needs to be stored in encrypted format. HTTPS should be used and any data transmission over the network needs to be secured.

Session Management

The user shouldn’t be able to access or navigate the application when/if logged out from the system or upon expiration of the user session. The session values should also be displayed in an encrypted format in the address bar. Protocols need to be in place that prohibits the access of secure and unsecure web pages.

Error Handling

In the case of any non-functionality, the system shouldn’t display any exceptions/errors from any server, application or database information. Why? Because application errors often contain information not intended for the user/hacker to view. In its stead, the custom error page should be shown. For this proper exception and error handling is very important. Not conducting a proper job can lead to attacks and disclosure of system level details.

Proper execution of applications testing is absolutely crucial, which can only be carried out by a professional security expert such as Lean Security, the professional security and WAF managed service provider in Australia.