Web applications are commonly subjected to prolonged and targeted attacks.
By conducting testing on the application before it goes live you can understand the risks and put in place fixes or mitigations before you are faced with a breach.
Out testing leverages the great work undertaken by the OWASP (Open Web Application Security Project) as we follow their guidelines and provide our reports in alignment with their top 10 and WebApp testing framework. This means you have a report and findings that relate to terms and risks recognised by the rest of the security industry.
We use both automated and manual testing methods to ensure the common and unusual/unique aspects of your application are tested.
The minimum standard aspects of all our tests are:
- Patching status of all components.
- Correct implementation of HTTPS.
- Authentication controls and user management.
- Web Session management (cookie handling and session fixation to the client).
- File handling and controls
- User input validation and sanitation.
- Injection attacks for example; Cross Site Scripting, SQL Injection and Cross Site Request Forgery.
- Directory bypass/directory traversal
However, as with all our services, we will tailor the test to your risk, network and budgetary needs.
If you would like more information, please contact us and we will arrange a scoping call.