Web Application Testing
Our consultants will work with the appropriate IT staff at your organization to determine the best approach for testing your web applications. We offer the following methodologies and recommend considering all approaches during testing.
- Unauthenticated Attack
- Authenticated Attack
- Compromised Server Attack
Unauthenticated Attack
Our consultant will approach your application as a hacker on the outside would. No additional information or login credentials will be provided to the consultant.
Authenticated Attack
Our consultant will obtain legitimate application credentials and attempt to gain additional application access rights and/or gain access to the underlying server.
Compromised Server Attack
In this scenario, the application has been compromised and our consultant will portray an attacker on the compromised web server. Our consultant will attempt to discover and transfer sensitive information, and will also attempt to pivot and move throughout your organization’s network.
Utilizing the OWASP framework, our comprehensive engagement will test information leakage, configuration and deployment methods, identity management, authentication, authorization, and input validation, to name a few. Our consultants will use various industry-standard automated testing tools as well as manual inspection to identify vulnerabilities. At the completion of the engagement, we will provide a comprehensive report that identifies all discovered vulnerabilities, rates their risk based on severity, and provides real-world remediation strategies to mitigate the identified vulnerabilities.
Not sure if a full Web Application Test is right for you?
We also offer Dynamic Application Security Testing (DAST), where we can run a scan of your application and provide reports detailing any existing vulnerabilities. This is a great point-in-time review of your application to ensure you aren’t introducing new vulnerabilities as you post new builds.