Website Security Certification Service

Our consulting services are helping secure critical national infrastructure for NTPC and CDAC.

For more information on Security Brigade's Professional Services, contact us.

Introduction

For any user the security of their online activity is of paramount importance. Having the "Website Security by Security Brigade" mark assures your site visitors that the website meets stringent security standards and is resistant to any attacks from hackers.

In addition, Security Brigade's certification program helps your application meet various industry and regulatory standards (ISO 27001, PCI DSS, RBI, NSE, etc.).

  • Expert managed, safe simulations of typical internet and insider threats, impact monitoring and easy to understand reports with corrective actions and best-practice recommendations.
  • Improved Confidence and Security among customers, employees and partners.
  • Informative Reports focused on helping you understand your information security posture in relation to industry benchmarks and expectations.
  • In-House Research and Development that allows us to provide unique and cost-effective solutions to complex problems.
  • Superior Level of confidentiality, integrity and availability of organizational information in order to facilitate maintenance of competitive edge, cash-flow, profitability and corporate reputation.

Some of Our Unique Value Propositions

  • Experience: Consultants are certified with industry recognized IS Certifications (e.g. eCPPT, SANS, CISSP).
  • Free Re-Testing: Ensures vulnerabilities are completely closed.
  • Customized Reports: Designed to help developers understand issues for the long-term.
  • Hybrid Approach: Unique combination of manual and proprietary automated processes.
  • Identifying the "True Impact": Identify the real-world impact of threats against your IT infrastructure.
  • Enhanced Remediation: Detailed remediation information for your specific infrastructure.

Criteria

The Security Brigade Certification criteria were developed to secure critical application services from exploitation or attack. The application undergoes rigorous testing to make sure that it is free from any vulnerability.

In order to attain the Security Brigade Certificate the application should completely satisfy the entire set of baseline criteria listed in the Certification Document. Some of them are listed below:

OWASP Top 10

The OWASP Top Ten lists the most critical web application security flaws. It is based on information shared by security experts around the world.


  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards

WASC Threat Classification

The WASC Threat Classification is an effort to classify the weaknesses and attacks that can lead to the compromise of a website, its data, or its users. It was developed to promote industry standard terminology for describing these issues.


  • Abuse of Functionality
  • Brute Force
  • Buffer Overflow
  • Content Spoofing
  • Credential/Session Prediction
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Denial of Service
  • Fingerprinting
  • Format String
  • HTTP Response Smuggling
  • HTTP Response Splitting
  • Integer Overflows
  • LDAP Injection
  • Mail Command Injection
  • Null Byte Injection
  • OS Commanding
  • Path Traversal
  • Predictable Resource Location
  • Remote File Inclusion (RFI)
  • Routing Detour
  • Session Fixation
  • SOAP Array Abuse
  • SSI Injection
  • SQL Injection
  • URL Redirector Abuse
  • XPath Injection
  • XML Attribute Blowup
  • XML External Entities
  • XML Entity Expansion
  • XML Injection
  • XQuery Injection

Business Logic Flaws

Business logic is a set of rules, processes and algorithms created to carry out a specific function on a website. Malicious users can manipulate this business logic for personal gain if it is not properly sanitized.


  • Online Transaction Manipulation
  • Email Flooding
  • SMS Flooding
  • User Account Hijack
  • Brute force user accounts
  • Captcha Bypass

In addition to the requirements listed above, Security Brigade rigorously tests web applications for a host of other vulnerabilities. Download the Certification Criteria document for complete details.

Case-Studies

Website Security Certification Service for a Billing Management Software


Security Brigade conducted a Website Security Certification Service for a Billing Management Software Company. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them validate their security controls to end-customers.


Website Security Certification Service for a SMS Marketing Company


Security Brigade conducted a Website Security Certification Service for an SMS Marketing Company. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them reassure their customers of the security of data stored with them.


Website Security Certification Service for a Multinational Conglomerate Corporation


Security Brigade conducted a Website Security Certification Service for a Multinational Conglomerate Corporation. This case study highlights the techniques and processes implemented to meet the Client's key business goals while helping them certify the security and integrity of their internal financial audit application.


Deliverables

Security Brigade's reporting process is industry-unique and aims to deliver maximum value to your organization and the administrators / developers directly interacting with the security audit. Each report is customer-specific and contains detailed information, proof of concepts, source code examples and configuration details with the aim of educating your IT teams for the long-term. The following are some of the deliverables you will receive on completion of a Website Security Certification Service.

Website Security Certification


A signed and stamped certificate to verify that your application has gone through the Security Brigade Website Certification Criteria (SBWCC) and cleared the same without exception.


Executive Report


Provides a high-level summary of the applications covered, vulnerabilities discovered and the recommendations made to mitigate the threats identified through the engagement.


Technical Report


Provides comprehensive information about all the threats discovered on the applications. It will include proof-of-concepts, technical explanations, remediation recommendations, screenshots, exploits, etc.


Project Summary Report


Provides a detailed summary of the engagement, the vulnerabilities identified, recommendations made and current status of the identified issues.


Copyright © 2007-2013 by Security Brigade InfoSec Pvt. Ltd. All rights reserved.