Zend - The PHP Company


Zend-Services-Loby-page-banner

    Zend Security Audit

    The Zend Security Audit follows a comprehensive methodology developed over years of experience in analyzing Web, PHP and application vulnerabilities. The audit delivers a detailed evaluation of your PHP code for vulnerabilities, non-secure programming practices, and protection against a wide spectrum of known attack techniques. It consists of automated and manual penetration tests, attack-prone code pattern identification, and application transaction flow review.

    Application Security Challenges


    The average cost of a data breach increased to $7.2 M in 2010. Customer abandonment after publically exposed application data breaches is the dominant factor while reputation damages originated by security exploits take a substantial time to reverse. With a growing number of attacks and exploit methodologies, often targeting multiple functionalities and layers in a single application, it is essential for businesses to identify flaws that could lead to the exposure of sensitive information or malicious execution of undesired application behaviors. Zend's security audit provides a thorough risk assessment, based on the threat classifications defined by the Open Web Application Security Project (OWASP), to all identified coding faults and vulnerabilities. Detailed remediation recommendations are then discussed for each identified security risk.



    The Zend Security Audit assesses a wide array of application vulnerabilities which include:

    • Functional vulnerabilities
      • PHP Code Inclusion and PHP Code Evaluation
      • Shell Execution
      • SQL Injection and HTTP Header Injections
    • Crosss-site Scripting (XSS) Vulnerabilities
    • Cross-site Request Forgeries (CSRF)
    • File Permission, Access Control and Installation
    • Session Management Analysis
      • Weaknesses in Session Management
      • Session Fixation and Session Hijacking
      • Usage of Secure Cookies and HTTP-only cookies
    • External Interfaces  - Database Access, WebServices, Facebook API
    • Client side Vulnerabilities (Optional)

     

    Zend Security Quick Scan


    Zend also offers a quick overview of the security state of the application by performing a remote Security Quick Scan. The Quick Scan will review your application using automated tools to identify coding patterns that can lead to common vulnerabilities.

    The Quick Scan is a Black-Box Test, during which Zend's security engineers imitate typical techniques used by external parties trying to attack the web application without having access or knowledge of the underlying source code or the infrastructure itself.

    The resulting Quick Scan report summarizes the main vulnerabilities identified. The Quick Scan automated process is included by default as part of the more extensive Security Audit. It can be taken as a preliminary step prior to performing a complete code audit.

    Resources
    DATASHEET

    Architecture & Migration

    more»

    DATASHEET

    Architecture Audit

    more»

    DATASHEET

    Deployment

    more»

    DATASHEET

    Security Audit

    more»

    DATASHEET

    Smart Start

    more»

    DATASHEET

    On boarding

    more»

    Customer Quote

       We encountered a serious problem in our production environment that threatened to undermine our Web site availability and performance. When we were unable to recreate the problem, Zend's consultant conducted a thorough analysis of our project. He didn't push a quick fix or ask us to make a technology leap of faith. Instead, he helped us achieve short-term milestones with little or no business disruption or risk, and worked with us to reach our long-term goals for Web site performance and availability. Now we're running our PHP applications with the confidence gained from seeing first-hand how Zend works proactively to help us troubleshoot our Web environment.   

    Fred SchmidtManager, Applications Development, VR Systems, Inc.

       I just wanted to say how much I enjoyed and appreciated the consultant's style and the time we all spent together, it was an excellent start to our future with Zend.   

    Matthew FareyIT Operations Manager, Microlease plc