The term "Web Application Penetration Test" refers to a test performed by an outside expert who determines whether vulnerabilities exist in an application by testing each interface to the application, including the server operating system, application platform and database.
To ensure a safe and thorough Penetration Test, our team follows a structured methodology that includes the following steps: Enumeration, Research and Exploitation.
Enumeration
The testing team will extract as much information as possible about the Application. This information is gathered through the use of various tools and procedures such as:
- Port Scanning
- Vulnerability Scanners
Research
From the data gathered in the enumeration phase, we will use industry-standard databases to determine how your vulnerabilities can be exposed and exploited.
Exploitation
The testing team will attempt to exploit any known vulnerabilities reported, with the exception of denial of service, to determine the types of data that can be accessed and the level of control over the application. Various techniques will be used, depending on the vulnerabilities discovered, such as:
- Application Server Vulnerabilities
- SQL Injection
Reporting
The project will provide the client with the final report containing the following:
- Executive Summary
- Technical Review containing observations and recommendations
- Raw Scan Results and Findings