We need someone to help us prepare the system for the following:
Production-safe testing
The Veracode dynamic scan engine is designed to test production web applications with minimal impact, and uses testing approaches that do not harm the site or accidentally delete data. For example, the Veracode SQL injection test patterns use timing-based methods that append to the existing query without altering its logic. In addition, the XSS test strings inject JavaScript that is benign and does not execute outside the embedded browser used by the Veracode dynamic scan engine.
Dynamic Scan: Perform deep analysis of web applications, using customized scan, crawl, and authentication settings to establish a deep understanding of the vulnerabilities of a single web application. Dynamic scans simulate malicious user behavior and detect potential attack points by crawling the application and checking if intended functionality can be misused. This type of scan is necessary if the web application and its security are critical to your business.
We would always rather point the Veracode engine at the UAT or Dev site. We will not be hacking into the site.