Similar to Flash, Microsoft java is a "thick client" application interface used to enhance users' experience. Underlying web services calls made by Silverlight are vulnerable and it is important to map those in terms of vulnerabilities and create fixes.
Java applets are a vital component in any software implementation, when it comes to deploying a robust and versatile application system. Java creates pseudo-code to add a security layer, however unfortunately it is not sufficient in todays insecure world. Multiple attacks for data at rest and data in transit are applicable to Java coded applications.
Valency Networks security analysts use following methods to perform vulnerability assessment and penetration testing of Java apps.
While the data in transit can be intercepted using various tools, the data at rest on the local storage can also be tampered with and deciphered to gain user and application information. Most of the java applet penetration testing is performed using manually methods and few tools are used merely to speeden the process up. A memory dump of java runtime memory manager can reveal critical application information in terms of secure or non-secure backend calls. If found vulnerable, injecting dummy data to penetrate into application database is tried too, which is a rather intrusive test.
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.
Valency Networks is our only preferred vendor because the way they find vulnerabilities in our network is par excellence. We hired them on a long term contract to top up our perimeter and wish to continue with them.
Hardly goes a day when I have not learnt anything new in cyber security space and IT technologies.
Working at Valency Networks helps me gain great knowledge everyday.