Military development

Software development for the armed forces

CORONIC has undergone rigorous security screening processes and has been granted the highest level of security clearance. This allows us to develop software for high-security projects for the police, government authorities and the armed forces.

VISOR Computer Check

VISOR online computer check

VISOR Check tests private users' PCs for security gaps and explains how to protect Windows, optimise one's browser and prevent phishing.

Portal solutions

Widgets, portlets, gadgets and Web 2.0

Share, evaluate, comment... The second generation of the internet has arrived! CORONIC can teach you how to optimise business processes and sell more products thanks to this new technology.

Automatic detection of security gaps with penetration tests

Detect cross-site scripting automatically 

The second-generation internet has become fast and interactive thanks to scripts and iFrames. However, these script-based technologies are a target for cross-site scripting and hacker attacks.

A typical example

A new user registers on an online forum, but instead of writing his own name down in the "First name" line, he enters a disguised malware code there. Then, the attacker contributes to the forum. Instead of being able to see his online identity when they click on his contribution, other forum users accidentally activate the malware. The manipulation of scripts (programmes) by third parties is a simple example of cross-site scripting (XSS).
 

Cross-site scripting and SQL injection: top in all negative charts

Every single year, cross-site scripting and SQL injection make it to the top of the charts for the most dangerous security gaps and most common programming errors (see CWE/SANS and OWASP). Both types of attack depend on a programming error: not checking user data thoroughly enough before processing or saving them. And precisely because it is that type of error, automatic tools can easily detect them - after all, it is just a matter of testing as many malware entries as possible. 
 

Exacerbating factor: Web 2.0

Wikipedia's basic definition of cross-site scripting is "the usage of a computer security hole in web applications, in which information is removed from a context in which it is not considered trustworthy and introduced into another context in which it is considered safe." Just as Wikipedia describes, many Web 2.0 applications take information from various sources and place it into new contexts. So different contents such as profile pictures, forms, comments, assessments, weather forecasts, news items and advertisements are taken from various providers and brought together on an apparently homogenous site or alongside a different product. It is difficult to assess the trustworthiness of all providers and keep up with the seemingly endless flow of functionalities and interaction, as well as filter all the incoming data properly - and in the future, it will become an even greater challenge, even for the best programmers.  
 

Vulnerability scans detect common application errors fast

Detecting all errors in an application requires a full code review. Even experienced specialists sometimes spend days or even weeks analysing the gaps and pitfalls of web applications in detail. Moreover, to do so, the application's source code has to be provided to third parties. Often, it is the minor, simple and obvious errors that open the door to malicious users. 
 

Vulnerability scans for web applications at a fixed price

CORONIC recommends carrying out extensive automatic tests with professional tools to detect security gaps in web applications. Experience shows us that our specialists can detect most vulnerabilities in a very short space of time: only one or two days. So with a small budget, the first big step towards web application security can be taken!  

Are you interested?

If so, contact Frank Bock, who will be happy to help.

 

Bookmark and Share