WEB APPLICATION PENETRATION TESTING
Service Summary
We specialize in web application penetration testing and e-commerce security management, based on the PCI DSS requirements or on the specific risk concerns of our clients. Our tests cover injection flaws, broken authentication, cross-site scripting, insecure direct object references and similar vulnerabilities. We base our web application testing methodology on the OWASP Testing Guide, the leading global reference for web application security testing, which is recognized by the EC-Council.
Process Description
The initial preparation for the web application penetration test covers the setting of the test scope, the testing hours and the testing techniques to be used. The scope is the set of critical application systems and services that management has decided to test and prepare against malicious attack scenarios. Testing is usually scheduled during off-peak hours, from 8 PM to 6 AM, so that there is no noticeable disruption to processing. In many cases the penetration tests are run on a test environment before the systems "go live" for public use. The techniques used during the web application penetration test are also an important factor, as different clients and standards require different tests to be run.
Once these terms are agreed, the penetration test can begin. Following the OWASP Testing Guide, the web application penetration test is broken into eleven categories:
- Information Gathering
- Configuration and Deployment Management Testing
- Identity Management Testing
- Authentication Testing
- Authorization Testing
- Session Management Testing
- Input Validation Testing
- Error Handling
- Cryptography
- Business Logic Testing
- Client Side Testing
Each category is tested with the corresponding techniques and tools described in the OWASP Testing Guide, to verify that all 91 control objectives are implemented and that the privacy, confidentiality, integrity and availability of the web application and its data are protected. The deliverable is a detailed web application penetration test report listing every application-layer vulnerability found, together with its impact and a recommendation for its resolution.
Contacts
NetSafety is an international cybersecurity consulting company headquartered in Sofia, Bulgaria. Our firm's reputation is built on integrity, professional business conduct and a high quality of service in everything we do.
Simply call us to schedule a meeting and discuss your business needs.
NetSafety
Cybersecurity Consultants
E-mail:
team@netsafety.eu
Contact:
(+359) 88 9387598
Office location:
Sofia, Bulgaria