Security assessment efforts are never complete unless extended beyond the application layer to the server level. Server security testing at QBurst can involve penetration testing, vulnerability assessment, and restricting publicly accessible server variables followed by server hardening measures. Various security audit and intrusion detection systems are used to facilitate the scanning and analysis process.
Server Penetration Testing
The aim of a penetration test is to identify server vulnerabilities. This can be performed with the help of different tools which augment the testers’ analysis. To assure clients of the compliance of our security processes with IT industry standards, we base our penetration test tools, assessment strategies and audit checklists on OISSG’s Information Systems Security Assessment Framework (ISSAF). While most penetration testing services end in a final report detailing the exposed vulnerabilities and recommendations for their removal, we take the process to the next level by implementing those corrective steps.
Server hardening can be broken down into application and operating system (OS) levels.
Hardening at the server application layer includes:
- Setting up web server firewalls and disabling HTTP TRACE requests, directory indexing, etc.
- Database hardening to protect against common vulnerabilities such as SQL injection.
- Disabling certain system-level functions and hiding variables that could expose the server to malicious attacks.
At the OS level, measures to secure the server can include:
- Advanced Policy Firewall
- Brute Force Detection
- DDoS Deflate
- Rootkit Scan
- Securing Shared Memory
- Hardening SSH installation
Protecting applications and the data contained within, while making them available to valid users, is critical to any business. Our security audit methodology and processes are built on industry standards and international guidelines. We identify the root causes of security flaws, perform hardening to secure the environment, and provide a detailed report with recommendations for reasonable and practical steps to mitigate future risks. Contact us for a detailed security audit of your application.