Web Application Security Testing


Bancsec analyzes web applications from the “outside-in” to find weaknesses in code, platform, and deployment, concentrating on the OWASP Top Ten and SANS Top 25 issues.

We also partner with Veracode to provide static or dynamic binary code analysis for even deeper “inside-out” results. Our expert web application test consultants validate and interpret these results, and can then help guide code remediation and strategies.

Because of our reputation for deep analysis, banks and service providers rely on our testing for web applications such as:
  • Online banking
  • Remote deposit
  • Investment Services
  • Mobile banking
  • Secure File Exchange
  • Lock Box
  • Marketing websites
Our testing uncovers over 99% of technological security issues, including but not limited to:
  • SQL Injection
  • Cross Site Request Forgery
  • Code Injection
  • Cross Site Scripting (Reflected, Stored, DOM based)
  • Authorization Bypass (Horizontal and Vertical)
  • Authentication Bypass (Horizontal and Vertical)
  • SSI Injection
  • XML Injection
  • Session Management
  • Secure Data Transmission
  • Path Traversal
  • Local File Inclusion
  • Remote File Inclusion
  • Insecure Cryptographic Storage
  • Command Injection
  • Cross Frame Scripting (XFS)
  • LDAP Injection
  • SSL/TLS Configurations
  • HTTP Parameter Pollution
  • HTTP Verb Tampering
  • Open Redirection
  • Improper Error Handling
  • Browser Autocomplete
  • File Extension Filters
  • Web Server Configurations