Application Security

MDSec has published advisories, whitepapers, tools and publications in this field, including the popular Web Application Hacker’s Handbook and related training courses.

Expert assessment from the company behind The Web Application Hacker’s Handbook

As the front door to many organisations’ digital offering, web applications deserve the utmost attention in security.

MDSec live and breathe application security, as authors of the leading Web Application Hacker’s Handbook series, backed by our globally delivered training for both attackers and defenders over the best part of a decade.

MDSec’s application assessment methodology spans 80 pages of our 780-page book, which has sold over 45,000 copies worldwide. To complement this rigour and depth, our consultants are all programmers, and regularly write custom Burp extensions and test harnesses during engagements to allow interaction with custom or non-standard applications, data encapsulation or web services.

MDSec’s application security services can extend beyond penetration testing to provide deeper assurance in your key applications.

Ready to engage with MDSec?

Speak to one of our industry experts and find out how MDSec can help your business.

+44 (0) 1625 263 503
contact@mdsec.co.uk

We can help

MDSec’s experience in application security covers multiple disciplines to gain the right depth of assurance in your applications, including:

  • Web application and web service assessment
  • DevOps pipeline assessment
  • Security training for development, QA, and project teams
  • Application security briefings
  • Virtual team member augmentation
  • Secure SDLC assessment and support activities
  • Code review
  • Architecture and requirements validation

Our code reviews can pinpoint remotely exploitable flaws which simply cannot be found in black-box assessments.

Access to code allows security assessment to pinpoint numerous classes of potentially high-risk flaws which would not otherwise be visible, including:

– Unreferenced API methods, endpoints or parameter values with powerful functionality, which are callable but not displayed in the UI;

– Vulnerable code paths, which may be seldom encountered within normal application usage;

– Vulnerable server-side calls which may allow onward compromise but do not display significant feedback to the attacker as to their operation (examples could include “blind injection” bugs or logging of sensitive data on the server side);

– Any subtleties in the code which may need submission of specially crafted attacks in order to trigger exploitation, such as code which manipulates input in a specific way.

Copyright 2020 MDSec