Due to the fact that many web services provide critical business functions, this makes them a strong target for Internet attackers. Web services can still be susceptible to Structured Query Language (SQL), Lightweight Directory Access Protocol (LDAP), Operating System (OS) and Extensible Markup Pathway Language (XPATH) injection, blind injection and buffer overflows. XML based resources are frequently configured without any form of access control. As a consequence, if a web service allows user input to be included in an query, then it becomes a strong target for an injection based attack.

IrisLogic provide web service penetration testing based on proven methodologies and techniques. Using a series of commercial tools, open source tools and in-house built scripts, IrisLogic’s security testers provide security testing techniques that identify your security vulnerabilities before Internet hackers find them.

Featured offering:

• Functionality Testing
• Usability Testing
• Interface Testing
• Compatibility Testing
• Security Testing
• Performance Testing
• Invalidated Redirects and Forwards
• Assessing elements of the OWASP Top 10
  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration (CSRF)
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities