WEB APPLICATION PENETRATION TESTING

Service Summary

Web Application Penetration Testing
Security is a Process, Not a Product

We specialize in web application penetration testing and e-commerce security management, based on the PCI DSS requirements or addressing specific risk concerns of our clients. Our tests cover script injection, broken authentication, cross-site scripting, insecure object references and other similar vulnerabilities. We base our web application testing methodology on the OWASP testing guidelines, the globally leading source for web application security management, recognized by the EC-Council.

Process Description

The initial preparation for the web application penetration test includes setting the test scope, the testing hours and the testing techniques to use. The scope is simply the set of critical application systems and services that management has decided to test and prepare for any malicious attack scenario. Testing usually takes place during off-peak hours, from 8PM - 6AM, so that there are no noticeable processing disruptions. In many cases the penetration tests are run in a test environment before the systems "go live" for public use. The techniques used during the web application penetration test are also an important factor, as different clients and standards require different tests to be run.

After agreeing on these terms the penetration test can begin. The web application penetration test can be broken into eleven categories:

  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Input Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing
  • Client Side Testing

Each category is tested using the corresponding tools and test cases described in the OWASP Testing Guide, to verify that all 91 control objectives are implemented to protect the privacy, integrity, confidentiality, availability and security of the web application and its data. The deliverable is a detailed web application penetration test report listing all application-layer vulnerabilities found, together with their impact and recommendations for their resolution.

Contacts

NetSafety is an international cybersecurity consulting company with its head office in Sofia, Bulgaria. Our firm's reputation is built on integrity, professional business conduct and a high quality of service in everything we do.

Simply call us to schedule a meeting and discuss your business needs.

NetSafety
Cybersecurity Consultants

E-mail:
team@netsafety.eu

Contact:
(+359) 88 9387598

Office location:
Sofia, Bulgaria