Web Site & Web Application Security

Blue Atlas has specific expertise in the security of the web application layer within an organization’s network.  Web applications generally face unknown vulnerabilities – that is, the applications are custom and the vulnerabilities are new or unique to the specific application in question. 

Blue Atlas provides security review and remediation services at the Web application level.  Web applications can be simple Web pages or Web services that are coded in a matter of hours; or complex, database-driven applications that are developed under a full software development life-cycle.  However, irrespective of complexity or size, any Web application that processes requests or receives data from an external source, is vulnerable to attack.  Therefore, security-related development activities must be applied to even simple Web applications.

Vulnerabilities in Web applications may result in:

• Exposure of sensitive content/data – This refers to making certain types of information easily available on the Web site, such as facility information, packaging instructions, downloadable instructions, employee information, etc.
• Data theft/loss – Through unauthorized access to a back-end database, resulting in deletion, publishing, or misuse of data in various unauthorized ways.
• Exposure of private data – This becomes a concern if a back-end database stores confidential information, such as that provided by job candidates, vendors, etc.  This can result in legal implications, negative publicity, and negative impact on the corporate brand.
• Service loss – The inability to access the Web site if there is an attack on an application or the Web server in general.
• Web site defacement – Refers to unauthorized changes being made to Web site content (think in terms of ‘graffiti’ on a Web site).  This can have significant impact on the corporate brand resulting in loss of shareholder, vendor, and partner confidence.