Are your web applications sufficiently hardened to withstand today’s attackers?

Attackers can compromise data directly through techniques such as SQL Injection and Cross Site Scripting, but they can also use web applications to establish a foothold into your network, from which they can pivot to other assets and uncover sensitive or valuable data. Automated tools are not enough to uncover these types of attacks.

Together, Entisys360 & PTP can provide an Application Security Assessment (ASA) of the transactional elements of your web-based application. Applications such as online banking, online trading, eCommerce, Business to Consumer (B2C), Government to Citizen (G2C), or any other critical application should have a comprehensive assessment of their security posture. An ASA will provide you with confidence that your development team or third-party developer has built a secure application and that your organization has demonstrated due diligence in its efforts to protect confidential or sensitive information.

Together, our approach to security assessments begins with established methodologies from organizations such as the Open Web Application Security Project (OWASP) and the Institute for Security and Open Methodologies (ISECOM). We apply these methodologies using a balanced combination of automated tools and manual techniques, with an emphasis on discovering vulnerable application logic that cannot be found using an automated approach. Our certified professionals then add their own experience and creativity to reproduce the real-world scenarios that are common in attacks by experienced cyber criminals and state-sponsored actors.

This assessment will uncover vulnerabilities in the areas of:

  • Web Server Configuration (IIS, Apache, IBM, Oracle, etc.)
  • Authentication and Authorization
  • Session Management
  • Business Logic
  • Transport Security (how data is moved)
  • Cache Control (to prevent exposure of sensitive data)
  • Data Integrity, Error Handling, and Validation (such as Buffer Overflows and SQL Injection)
  • Web Services (SOAP, WSDL, XML, WCF, RIA)
  • AJAX and end-user accessible source-code/script (such as HTML, JavaScript, Flash, and Silverlight)

OWASP maintains a current list of the ten most critical web application security risks. This “Top 10” list will be covered by PTP when we perform an ASA. Examples of some common vulnerabilities in the OWASP Top 10 that an ASA will seek to identify include:

  • The compromise of user IDs, passwords, or session credentials through Cross Site Scripting (XSS) attacks
  • Full database access through SQL injection attacks resulting in exposure of Personal Privacy or HIPAA data
  • User A being able to access User B’s account and perform actions such as transferring funds from User B’s account or placing an online trade (Broken Authentication and Session Management)
  • The ability to duplicate legitimate user sessions (Session Cloning) through weak Session Management
  • Manipulation of parameter and form variables to view other member or customer data (Insecure Direct Object Reference)
  • Third party web sites that can trick a user’s browser into performing an action using the user’s current session in your web application (Cross Site Request Forgery)
  • Post-login forwarding attacks that redirect users to a malicious site (Unvalidated Redirects and Forwards)
  • Access to administrative pages by unauthorized users (Missing Function Level Access Control)

Business benefits include:

  • Regulatory compliance where applicable
  • Decreased business risk through an enhanced overall security posture
  • Demonstrated due diligence
  • Protection of the organization’s reputation
  • Reduced litigation expenses
  • Decreased expense and publicity of a breach notification
  • Often allows for reduced insurance premiums where applicable
  • Peace of mind that your application is well hardened
  • Increased awareness among developers that will carry over to future development projects

Technical benefits include:

  • A hardened transactional web application that can better resist a concerted application level attack
  • Reports that can also serve as guidelines and help educate your developers
  • Reduced code refactoring time and expense through early detection and mitigation


Together, we help organizations deal with outdated technology and inefficient processes, and we are experts at reengineering applications that span multiple systems, software languages and platforms. We offer solutions that allow for the seamless migration of applications across architectural platforms and provide end-to-end custom software application development, from initial use case analysis through post-implementation support.


Together, Entisys360 and PTP have significant experience in systems integration and application development, building browser-based applications for the largest government clients. We can leverage that experience and expertise to replace or build new enterprise applications, extend or add customer-facing websites, or develop mobile websites and mobile applications that deliver world-class customer service solutions.


We know security. Entisys360 & PTP have proven processes and methodologies that allow us to detect a wide variety of application vulnerabilities. Automated tools are only a small part of what we do. Our Security Specialists carefully study how the application works and identify risks and vulnerabilities that cannot be detected by automated scanners. A thorough examination of how the developer built the application, combined with in-depth experience in application development and hacking techniques, allows us to apply the real-world scenarios that are common in actual attacks by cyber criminals.


Our security solutions provide our government clients with a full range of security and privacy services to help them meet the challenges they face as they expand their online presence. With the move toward Government 2.0, security requirements increase exponentially. We can help with all aspects including policy writing, network and application security assessments, becoming compliant with industry standards, developing security requirements, performing gap analysis, providing developer training, and more.

We are your Cybersecurity Program Partners

Because we are invested in helping you minimize cybersecurity threats, we…

  • Leverage our deep, diverse experience across industries – Our consultants have performed over 300 security projects for the public and private sectors, including the Intelligence Community and 8 of the 10 largest financial institutions in the world
  • Offer a full range of security and privacy services to help you expand your online presence – With new government-enabling technologies come increasing security requirements; we help you mitigate the risk associated with your digital growth
  • Utilize our own state-of-the-art methodology to simulate a real cyber-attack – Automated tools are useful but only a part of what we do; we carefully study how your systems and applications work to identify risks and vulnerabilities that cannot be detected by automated scanners, allowing us to apply the real-world scenarios that are common in actual attacks by cyber criminals

Cybersecurity Solutions & Services


Web Application Penetration Testing

  • WAPT Methodology

Staff Augmentation

  • Planning
  • Implementation

Incident Response

  • Preparation
  • Identification & Scoping
  • Containment
  • Eradication
  • Recovery

Network Penetration Testing

  • External and Internal

Network Testing Security Roadmaps

  • Analyze Current State
  • Prioritized Approach
  • Sustainable Program

Enterprise Security Assessment

  • Business Objectives
  • Enterprise Risk Assessment