SQS-Brand Protection
- Protect reputation
- Prevent loss of business
- Prevent e-shoplifting
- ZERO hardware and software costs
70% of web attacks happen at the application layer (source Gartner 2003)
75% of UK companies had at least one incident in the last year (source DTI Security Survey 2004)
33% of UK businesses and 66% of large businesses had at least one serious security breach in the last year (source DTI Security service 2004)
The average large company lost between £50,000 and £500,000 per incident in direct and incidental costs (source DTI Security Survey 2004)
The results of more than 300 Web Application Tests carried out over the last 12 months showed that 97% of sites had serious security flaws
What are the Security Issues to consider?
According to a recent Gartner report on security issues, 70% of all hacking attacks now occur at the application level. Recent interest and developments in security and hardening of the Network Layer have made it increasingly difficult for hackers to penetrate at this layer. Firewall Systems, SSL Encryption, IDS Systems, Strong Authentication and other implementations have made it so hard for hackers that other routes have become attack routes of choice.
Web-based applications as part of e-Commerce and e-Business actively encourage the Internet Community to become customers. This is the reason for their existence after all. Once registered as a customer, use of the application means that hackers have instant access to the heart of the web site. Firewalls must be configured to allow web traffic or customers cannot access the applications. SSL Encryption merely guards the transport layer - effectively encrypting attacks and making them harder to track. IDS Systems are targeted purely at the network layer. Why try and break Strong Authentication when it is easy to become a customer with a valid user name and password?
Web-based applications have fundamentally changed the risks associated with traditional client-server applications as hackers can now see all the parameters used in server-side code - enabling them to bypass client-side validations.
This can result in hackers obtaining full control and access to information, modifying the content of the pages, hijacking transactions leading to privacy breaches and e-shoplifting - or even deleting or making the site totally unavailable.
Why use SQS-Brand Protection?
The response from businesses to security problems has been to turn to Ethical Manual Hacking combined with Penetration Testing. Whilst this has provided some assistance, the size and complexity of most applications make it impossible to cover more than a few of the possible avenues. The costs involved in this consultancy-based system are extremely high, and it also requires several weeks of advance notice to conduct.
SQS-Brand Protection can be booked with 24 hours' notice on the subscription service or 72 hours' notice as a one-off test. The service covers ALL the possible application-based security problems. No capital expenditure is required and no purchase of software is needed.
The automated approach of SQS-Brand Protection generates a large volume of test cases (as many as 100,000 for a complex application) and then applies them. Results are available immediately. The test cases are stored and form a considerable test asset. Re-test after further development is therefore very simple.
How does it work?
The latest, state-of-the-art test tools from world leading providers power SQS-WEBSECURE. This is uniquely combined with custom scripts and effective reporting and analysis of test results.
- Crawl: SQS Brand Protection dynamically crawls a site to learn the web application.
- Analysis: Using an expert search engine, tens of thousands of test cases of potential hacks, based on the latest methodologies, are generated.
- Attack: Each test is fired at the application to determine the resilience of the application, and success and severity ratings are assigned.
- Reporting: Predefined reports with customised information are generated. These include test reports that can be fed into Defect Management Systems. Solutions and fixes are also supplied as part of the report.
A Penetration Test can be carried out at the same time to test at the Network level.
| Features | Benefits | Business Impact |
| --- | --- | --- |
| Remote testing over the Internet | No need for expensive on-site IT security consultants | Save costs. Increased Brand Protection due to ability to conduct regular web security testing. |
| Tests Conducted through a VPN connection | Internal web applications can be tested. | Prevents the exposure of internal private servers and networks to the Internet. |
| Book tests on demand 24/7 | Meet urgent software release testing deadlines, with just 24 hours' notice - day or night. | Ensures that all software fixes and upgrades are security tested prior to release. Increased brand protection. |
| Subscription Services | Very low testing costs. | Very low subscription costs permit the lifecycle testing of all web applications at a reasonable cost. Increased brand protection at lower costs. |
| Low Usage | Reasonably priced single and repeat tests without having to make any annual commitments. | Low cost evaluation of the service or where only low usage is required. |
| Test Template | Users can define the areas of an application they want tested and the types of tests to conduct. | Users can retain control on the test process without the need to be IT security experts. |
| Internet Web Application | Users book and control their testing requirements with zero software and hardware costs. | Saves costs and time, and is more responsive to demand. |
| Managed Service | Leaves all the actual testing to the Managed Service 24/7 control centre. | Saves on staffing, training and equipment costs. |
Deliverables
- Web Application Testing delivered 24/7 on demand
- Subscription or On-Demand service as required
- User defined templates of areas of application to be tested
- User control of testing requirements with zero software and hardware costs
- User modification or creation of test templates at any time
- Significant test asset delivered to client for future use
- Detailed report with complete list of vulnerabilities and suggested remedial actions for each vulnerability
