© 2019 RSM US LLP. All rights reserved.
Web Application Testing
Securing your web applications and the sensitive data they handle
Web applications play a vital role in countless business processes. They also often manage sensitive data, including personally identiﬁable information (PII), proprietary information and credit card data. Therefore, organizations should utilize web application security testing to help address detectable security ﬂaws that allow attackers to disrupt functionality or compromise sensitive data points.
Additionally, many organizations have regulatory obligations to conduct web application security testing. For example, organizations that accept credit cards should ensure their applications are secure and comply with Payment Card Industry (PCI) standards.
RSM’s web application security testing assessments identify security ﬂaws that could cause debilitating compromises or disruptions to your key web applications, such as those listed within the Open Web Application Security Project (OWASP) Top 10. These assessments also facilitate compliance with your specific regulatory requirements, demonstrate security due diligence and help protect sensitive data.
To help secure your web applications for internal employees and customers, and align with your business and compliance needs, RSM offers three types of web applications assessments:
1. Black Box web application security assessment
In the Black Box test, RSM uses a variety of automated tools to perform an uncredentialed scan of applications to identify vulnerabilities and suggest steps for remediation.
2. Grey Box web application security assessment
In the Grey Box test, RSM uses automated and manual tools, manual reviews and user credentials to more thoroughly identify vulnerabilities, including potential business logic flaws.
3. White Box web application security assessment
The most in-depth of the three assessments, the White Box test, analyzes your application’s source code to detect vulnerabilities and suggest steps for remediation.