Web Application Testing

Overview

The primary objective of a web application penetration test is to identify exploitable vulnerabilities in web-based applications before hackers discover and exploit them. Web application penetration testing helps to reveal real-world opportunities for hackers to compromise applications in ways that allow unauthorised access to sensitive data or even the takeover of systems for malicious/non-business purposes.

This type of assessment, carried out by our ethical hackers, helps to:

  • Identify application security flaws present in the environment
  • Understand the level of risk for your organisation
  • Address and fix identified application flaws

As a result of our testing, you’ll be able to view your applications through the eyes of a hacker, to discover where you can improve your security posture. Our security consultants produce findings in written reports and provide your team with the guidance necessary to effectively remediate any issues we uncover.

Approach

InfoSec Governance’s web application penetration testing service utilises a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.

1. Information Gathering
2. Threat Modelling
3. Vulnerability Analysis
4. Exploitation
5. Post-Exploitation
6. Reporting

Using this industry-standard approach, InfoSec Governance’s comprehensive method covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2017 including, but not limited to: Injection, Cross-Site Scripting, Cross-Site Request Forgery, Unvalidated Redirects & Forwards, Broken Authentication & Session Management, Security Misconfiguration, Insecure Direct Object Access and more…

Manual Testing vs Automated Testing

InfoSec Governance’s approach consists of about 80% manual testing and about 20% automated testing – actual results may vary slightly. While automated testing improves efficiency, it does so only during the initial phases of a penetration test. At InfoSec Governance, it is our belief that an effective and comprehensive penetration test can only be realised through rigorous manual testing techniques.

Tools

In order to perform a comprehensive real-world assessment, InfoSec Governance utilises commercial and open-source tools on each and every assessment, the same tools that hackers use. Once again, our intent is to assess systems by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.

Reporting

We consider the reporting phase to mark the beginning of our relationship. InfoSec Governance strives to provide the best possible customer experience and service.

Remediation & Re-testing

Simply put, our objective is to help fix vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.
