Web site and web application security assessments and audit services
Risk assessments, reviews, security audits, web site due diligence.
Overview
Organisations need to practise due care in the operation of their internet, intranet and extranet websites, web applications and e-commerce systems to prevent security breaches and to have controls in place to mitigate the effect when breaches occur. Failure to practise such due care is negligence and increases business risk.
Assessments, reviews and formal audits can be used to provide an understanding of the risk involved, whether security best practice is being followed and whether due care is being taken.
Due diligence investigations systematically identify, evaluate and assess vulnerabilities, threats and issues relating to security. Due diligence reviews are also usually undertaken by companies considering purchasing services (e.g. hosting or application development) including partners, co-sourcing, outsourcing arrangements and traditional suppliers. In these cases, the risks of using a particular supplier need to be investigated and considered as part of the procurement process. The specific web application security issues can be complex and require specialist knowledge to identify and evaluate the information.
Sometimes a security audit is required as part of the cyber insurance policy application process, such as for insurance against web site defacement, defamation or intellectual property infringement due to content, or denial of service. The scope of the audit will depend upon the type of business sector (e.g. regulated or not), the type of content, the type and sensitivity of data collected and stored, the location of users, the web site terms of use, any contracts with users, traffic levels and the business effects of the web site being unavailable.
Example web site and web application security assessments and audit projects
Selected projects from the description of Watson Hall's approach:
Other services from Watson Hall
Web security design and review and information security & privacy policies, standards and procedures.
Contact Watson Hall
Contact Watson Hall to see how we can assist you with undertaking assessments, reviews and audits of web applications, websites and e-commerce systems.
These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.
