Genius Security is a premier provider of industry-leading Application Security Services. Genius provides security consulting and assessment services for web-based and other applications including penetration testing, source code review, database analysis, and secure application development training to clients around the globe.

These services provide assurance that applications are securely designed, deployed, and defended against costly compromise. Genius Security Application Services enable clients to protect revenue and reputation and avoid repudiation risks by providing security at the foundation of the Enterprise: the application code.

Genius Security provides the leading edge in application assessment methodologies, application design and defense techniques, and vulnerability research, including:

Secure Application Design

  • N-tier application security architecture consulting
  • Network and application security control consulting
  • Web services security consulting
  • Development process consulting to securely enable business applications
  • Compliance designs for Visa CISP, Mastercard SDP, GLBA, SOX, HIPAA

Secure Application Defense

  • Application native security control implementation
  • Application firewall and IDS implementation
  • Network security control implementation appropriate for applications
  • Incident Response handling and Digital Forensics on application compromises

Application Security Analysis

  • Web Application Assessments
  • Source Code and Binary Analysis
  • Application Threat-Modeling and Architectural Analysis
  • Web Services and ActiveX Analysis
  • Database Security Analysis (MSSQL, Oracle, DB2)
  • Compliance assessments for Visa CISP, Mastercard SDP, GLBA, SOX, HIPAA

Application Security Training

  • Web Application Security 101
  • Advanced Web Application Security Design & Assessment
  • Business processes to support secure application design & deployment

Comprehensive Approach to Securing Web Applications

For each area, the vulnerabilities and potential threats addressed are listed first, followed by the securing practices and countermeasures applied.

Authentication
  Vulnerabilities and Potential Threats: network eavesdropping, brute force attacks, dictionary attacks, cookie replays, credentials theft
  Securing Practices and Countermeasures:
  – Partition of public and restricted areas
  – Account disablement policies
  – Proper credentials verification and storage
  – Proper password handling
  – Authentication data protection
  – Securing communication channels using SSL

Input Validation
  Vulnerabilities and Potential Threats: buffer overflow, cross-site scripting, SQL injection
  Securing Practices and Countermeasures:
  – Thorough input validation
  – Proper input filtering
  – Centralized validation strategy
  – Proper database access

Authorization
  Vulnerabilities and Potential Threats: privilege elevation, confidential information disclosure, data tampering
  Securing Practices and Countermeasures:
  – Multiple gatekeepers
  – Authorization granularity
  – Role-based security
  – Strong access controls
  – System level protection

Configuration Management
  Vulnerabilities and Potential Threats: unauthorized access to application administration, hacking of configuration data
  Securing Practices and Countermeasures:
  – Role-based administration with strong authentication
  – Secure communication channels for remote administration (SSL, VPN)
  – Restricted access to configuration data
  – Least privilege approach

Sensitive Data
  Vulnerabilities and Potential Threats: sensitive data disclosure, network eavesdropping, data tampering
  Securing Practices and Countermeasures:
  – Role-based access to sensitive data
  – Sensitive data on demand approach
  – Data encryption
  – Proper information storage and secure communication

Contact us today to discuss how we can assess your security vulnerabilities and help develop strategies to protect your content and intellectual property.

We are always eager to learn new standards and improve our skills.