Web Application Penetration Test

Overview:

A Web Application Penetration Test involves testing a running application remotely, without knowing the inner workings of the application itself, in order to find possible vulnerabilities. Our highly trained technical staff accomplishes this by conducting a series of methodical and repeatable tests to determine and work through all of the different application vulnerabilities.

Features:

• Independent verification of the security status of an organization’s portal application(s)
• Determines if on-line (customer, patient, taxpayer, other) self-serve applications present an exploitable risk to the organization
• Identification of prioritized remediation needs

Benefits:

• Determines if vulnerabilities exist in an application by testing each interface to the application including server operating system, application platform and database

Inclusions:

• Structured methodology for Web Application Penetration Test includes: Enumeration, Vulnerability Assessment and Exploitation phases
• From results of Enumeration phase, Vulnerability Assessment covers the following ten areas:
  • Input Validation
  • Access Control
  • Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Buffer Overflows
  • Injecting Flaws
  • Error Handling
  • Insecure Storage
  • Denial of Service
  • Configuration Management
• Controlled attacks will be performed against each reported vulnerability excluding those that could cause a Denial of Service condition
• Final Reporting and conference call to review engagement findings and recommendations