2-sec is pleased to announce that as of January 1st 2018, all of our penetration tests will be carried out against the new “OWASP Top Ten Standard for Web Applications, 2017”.

Luke Vile, Cyber Security Director for 2-sec says; “This new standard means that each penetration test carried out by 2-sec will provide much greater assurance to each customer that their website or web service has been tested as rigorously as possible. Amongst many upgrades to our service, this new standard ensures we deliver:

  • Stronger assurance of the security of application code, through more thorough checks of a site’s protection against brute force attacks, a sophisticated ‘source code review’ style vulnerabilities check, and many other adaptions that take into account current changes in the web development process.
  • We will also be delivering new, tactical assessments of secure company operations, such as readiness to detect an attack, as well as assessments of log structure; to determine whether it is sufficient for future forensic analysis”.

Alexander Drabek, Penetration Testing Team Leader says; “This new testing standard has been extremely well researched by the OWASP community undergoing a lot of scrutiny before making final version. Much greater security-community feedback and extensive analysis from multiple of organisations have gone into the Top 10 – 2017 standard. OWASP has claimed that it is possibly the largest amount of security research carried out in the preparation of a web security standard”.