This of course varies per application, but a common issue is injection, such as SQL injection or OS command injection. It comes down to users being able to type some extra code into an input, for example a text field on a form. This can be code that is executed on a server, but with XSS injections it can also be code that is executed in the user's own browser. It is also possible that an authentication system does not validate a user's permissions well enough, allowing users to read just a little too much data. Sometimes the settings of a software component in use have not been changed properly, or the component itself contains vulnerabilities. For more information, consult the OWASP project, which has published a top 10 of the most common security vulnerabilities.
There is a growing need for demonstrably reliable digital communication and internet security. Legislation and guidelines oblige organizations to take sufficient protective measures against data leaks. Organizations also set requirements among themselves regarding the security level of online communication and storage.
For any organization that offers online services or communicates with customers online, reliability and security are essential and require constant care. Security is an integral part of the development process at Ibuildings and we provide various services in the area of web application audits & security.
Expertise & Assignments
Ibuildings has deep expertise in the field of application security. We can help you make the right choices and take the right web application security measures. Ultimately, you can use your software yourself with confidence and offer it to your customers, who in turn rely on you. Security for custom applications is also custom work. Applications that run on phones and tablets have different security issues than web applications for desktop use. The solution for each client can therefore be different, and we adapt to those needs.
Below is a selection of the issues our experts deal with for our clients:
- Web application security audits
- Secure web development consultancy and training
- Web application security monitoring
- Identification, authentication and authorization implementations (such as SAML2)
- Encryption implementations (such as PKI implementations)
Security Audits & Security App
With a security audit we look at whether an application meets a certain level of security. If we find security vulnerabilities, we give concrete recommendations to improve them. With a security audit we not only look at the application (or application layer) itself, but also at the development process around it.
For our own development projects we regularly perform internal security audits. We quickly solve security issues and security risks by applying the best security measure. This way we are ahead of any security threats.
During our application development process we apply various security standards, including the OWASP ASVS. This standard prescribes what should be verified in an application, how that verification should happen, and what output is expected. This ensures high-quality and consistent verification.
In addition, we regularly scan our code for application vulnerabilities using various application security tools, use good and well-known open source code, and stay up to date with best practices. You will not find any vulnerabilities from the OWASP top ten with us!
Companies and organizations must comply with increasingly strict requirements for the processing of personal data. The new AVG (the Dutch interpretation of the European GDPR) requires adjustments to the organizational processes, but also to the software used.
To meet this demand, we adhere to the ISO 27001 standard, for which we are also certified (as of Jan 2022). ISO 27001 is a globally recognized standard in the field of information security. Ibuildings helps you to make your existing or new custom web applications compliant with the new requirements for processing personal data.