Web Application Security Audit is  a assessment of how secure your Web Application is to withstand attacks from a malicious person or program.  It is essentially a feigned attack simulating what a malicious person may try.

1. Cross-Site Scripting (7 out of 10 websites)

2. Information Leakage (5 in 10 websites)

3. Content Spoofing (1 in 4 websites)

4. Predictable Resource Location (PRL) (1 in 4 websites)

5. SQL Injection (1 in 5 websites)

6. Insufficient Authentication (1 in 6 websites)

7. Insufficient Authorization (1 in 6 websites)

8. Abuse of Functionality (1 in 7 websites)

9. Directory Indexing (1 in 20 websites)

10. HTTP Response Splitting (1 in 25 websites)

Web Security audits are conducted to proactively uncover security holes that can be exploited  and also in specific cases to meet compliance  (e.g. PCI).  It is much more beneficial to have the issues uncovered via Web Application security Audit than via a real exploitation by a hacker.  It helps organization proactively protect their consumers, brand reputation, maintain business continuity  and meet compliance.

Web Application audit can be conducted in automated fashion subscribing to a service from the cloud that can do the test for your external facing web applications.  Most of the companies engage highly paid consultants consultant's to conduct the audit with special tools. 

For a complete comprehensive Audit a hybrid approach is recommended.  It is highly recommended to subscribe to a SaaS offering from a company which is also capable  of doing manual application audits.  The SaaS offering helps provide the basic level of security in a automated manner at a higher frequency (daily scans) in a more cost effective manner.   This can be combined with the Manual audits that can be done once a quarter or monthly to provide the comprehensive level of assurance to the organization for protecting their brand, data and meeting compliance

Just like a Burglar alarm installed in the house or the door lock does not guarantee against theft, but instead provides risk mitigation against theft, similarly proactively monitoring your site and addressing the issues mitigates the threats  and does not eliminate it. New threats keep emerging every day.  By partnering with Indusguard Organizations are assured that they do not have to worry about keeping up with these new threats as the Indusface  R&D team continuously keeps updating the Web Application audit service to address and detect these new threats in applications so that Organization can focus on their core business without having to worry about the technicalities of web application audit and security.