We offer various types of web application penetration tests that together cover a full range of vulnerabilities. The penetration tests are carried out by experienced security experts accredited under world-leading standards and certifications.
External Web Application Penetration Tests
An external penetration test assesses the security of systems exposed to the Internet. Because anybody connected to the Internet can access such services remotely, the risk of attack is very high.
Our external security assessment includes web application attacks. This test module verifies the resistance of a web site or web application to common attacks, which have recently become more and more popular and very easy to execute. An external web application penetration test is an attack simulation that makes it possible to discover different kinds of flaws: authentication, authorization, encryption and any other logic weakness that might result in unauthorized access, theft of passwords or credentials, identity theft or privilege escalation within HTTP/HTTPS portals, such as an e-banking system.
Web Application Penetration Testing Methodology
Our Web Application Testing methodology is a separate service designed for an in-depth probe and analysis of a client’s web application. Our security experts use a blended approach of open source, custom scripts and commercial tools to conduct our Web Application Tests. As part of a Web Application Test, we will assess the following elements:
- The Web Application Server/Web Application Service
- The client/server protocol and communications path
- The client application
We conduct the following discrete tests for Web Application Assessments:
- Application Re-Engineering
- Authentication Assessment
- Session Management
- Input Manipulation
- Information Leakage
Our testing ensures that common best-practice guidance and methodologies are covered, including all components listed in the OWASP Top 10.
Reporting and Debrief
Finally, we document all vulnerabilities and exposures within the environment. Reports aim to quantify the exposures and identify how and why they may pose risks to the business. Our report provides remediation advice and guidance on how the environment should be improved. It consists of two parts: a management summary and a technical report.
Debriefs can take place via conference call, through WebEx, or in face-to-face meetings. During these debrief sessions, we walk the client through their security exposures and offer advice and guidance on how the environment should be improved.