
SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.

Client Reference Stories

Application Penetration Testing - 13 Sep 05

The client was in the final stages of implementing a widely used financial software package. The client-side component was to be installed on laptops and desktops and communicated over the internet with a centralised server and database.

As part of the usual due diligence procedures, the client sought to assure the security of the application components as well as the communication of sensitive data between them.

SIFT was engaged to conduct a low-level security assessment to check for conformity to the OWASP (Open Web Application Security Project) security principles and to subject the application to a series of test cases including, but not limited to:

  • SQL injection
  • Buffer Overflow
  • Command Injection
  • Session Hijacking
  • Insecure use of cryptography

As part of the audit process, SIFT developed custom tools and scripts that were used to further assess and compromise the security of the application.

SIFT delivered a report identifying and detailing serious design flaws within the application. These flaws generated security risks in the way the client communicated with the server component. SIFT analysts were able to fully compromise the entire database and client-server communications. The findings were verified by the software vendor and immediate hot fixes were put in place to mitigate the issues.

As a result of having the application penetration test conducted, the client was satisfied that a reasonable level of security had been achieved with their product of choice.


© 2000-2009 SIFT Pty Ltd. All rights reserved.