Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. Vulnerabilities in web applications are being widely exploited to turn trusted websites into malicious ones serving content that contains client-side exploits.
How do you answer these questions?
Our website and web application penetration testing services are conducted by skilled professionals using the latest tools, best practice and our own proprietary testing techniques.
Our test methodology has been informed by:
Our technical approach focuses on these key areas:
| Key area | Tests |
|---|---|
| Information Gathering | Identify application entry points, test for web application fingerprint, application discovery, analysis of error codes |
| Configuration Management | SSL/TLS testing, backup and unreferenced files, admin interfaces, HTTP methods, cross-site scripting |
| Authentication | Credentials via an unencrypted channel, user enumeration, bypass authentication schema, logout, browser cache management |
| Session Management | Session management schema, cookie attributes, session fixation, cross-site request forgery |
| Authorisation | Path traversal, privilege escalation |
| Business Logic | Shopping cart functionality, payment card transaction, application-specific business logic |
| Data Validation | Cross-site scripting (reflected and stored), SQL injection |
| Server Configuration | Identify management services, TCP and UDP services, security vulnerabilities |