The Information Security Specialists

Application Security

You only have to read an industry magazine, visit InfoSec or, these days, simply switch on the BBC news to understand how important an area this is and how severe the implications of poor or compromised security could be for your business, your data, your clients and your reputation.

Results taken from NTA’s 2011 Web Application Annual Report show that 25% of all web applications we tested contained at least one high risk vulnerability. The continual pressure for organisations to make information more accessible and available can feed through to a greater potential for application security risks, with the ICO recently handing out fines of up to £500k to organisations that have experienced breaches and data loss.

Whether it’s an internal CRM or HR system containing business critical or sensitive data, or a public facing transactional website, application security is a constant battle.

But wait. It’s not all doom and gloom and with the right guidance and good quality manual testing, you can easily get your confidence restored.

For some organisations, security is unfortunately an afterthought. But at NTA, we work with many companies who are serious about securing their data and who get us involved early in their application development cycle, with us working alongside developers and third parties to ensure security is built in from the ground up.

For others, a false sense of security can lead to the continued existence of application vulnerabilities. Putting your faith in a weak, fully automated application scan that fails to discover all of the issues can potentially be worse than doing no testing at all. Applications are complex, varied and business critical, so automated scanning is rarely adequate or appropriate.

SQL injection, cross-site-scripting and data sanitisation issues are some of the more prevalent security vulnerabilities, but issues are frequently identified from all of the OWASP Top Ten categories. NTA’s Web Application Test service will identify such issues and provide advice on the most appropriate fix.

Source code reviews can also be provided if you favour this approach.

So if you have found yourself asking “At what stage should I test the application?”, “Could an attacker potentially access the back end database?” or “Is my authentication strong enough?”, then NTA can help advise on these and any other questions that you have to help achieve your desired goals.

One of the team is always willing to discuss any specific requirements or questions you might have so feel free to contact us.

English French German Italian Portuguese Russian Spanish
Call us now on
01634 721855

Latest News

I wish to highlight the outstanding work that your consultant undertook whilst doing the ICT Health Check for the Council.

View all Testimonials

Particularly notable was the level of technical knowledge displayed by NTA’s consultants, and we were also impressed that they were willing to share this knowledge with the network team.

View all Testimonials

We have found NTA to be an excellent supplier, offering a very good service at a competitive price. A key differentiator is that they are happy to answer any questions...

View all Testimonials

I have found NTA to be an approachable knowledgeable partner, and have no hesitation in recommending their services.

View all Testimonials

The NTA testing programme was a success on all fronts.

View all Testimonials

The quality of both the initial work and follow-up advice and guidance was excellent, and NTA provided full lifecycle support to the development and delivery of our Online Services portfolio.

View all Testimonials

On one occasion our third-party did not believe the vulnerability was an issue - having had their software tested by another well-known security testing company - and NTA Monitor were...

View all Testimonials

NTA Monitor are very supportive, especially regarding general questions about Information Security issues such as hacking and vulnerabilities.

View all Testimonials

NTA Monitor has been a trusted supplier for a number of years and we have found them to be approachable, helpful and understanding of our needs relating to information security.

View all Testimonials