Application testing has become a vital tool in ensuring the integrity and security of business systems. We usually carry out these tests in combination with other testing services, depending on the characteristics of a client's IT infrastructure. The aim is to identify and correct vulnerabilities in system code or configuration that could allow systems to be misused. Examples include technical and scenario-based testing of ecommerce systems, or of trading systems within financial organisations, to establish whether the malicious or accidental actions of external attackers or employees could expose a company to financial loss, regulatory breaches or negative publicity.

The service consists of a series of technical and scenario-based tests, which go beyond standard vulnerability testing. We try to subvert system code and force it to carry out actions outside usual operational constraints. For example, we might try to break into the system using different authentication mechanisms, attempt to release confidential information, or examine client-side code. Other tests might include hidden field manipulation, SQL injection, examinations of application to application interaction, parameter manipulation, protocol analysis of application network traffic, cross site scripting, or password cracking.