Web Application Penetration Testing

Web application penetration testing identifies vulnerabilities that could be reached through online cyber attacks. Exploitation can result in the theft of information and irreparable damage to your systems.

Xyone uses the Open Web Application Security Project (OWASP) Testing Guide v3.0 for conducting penetration testing of web-based applications. The active test is split into 9 sub-categories with a total of 66 controls. The 9 main sub-categories are:

  • Configuration Management Testing

  • Business Logic Testing

  • Authentication Testing

  • Authorisation Testing

  • Session Management Testing

  • Data Validation Testing

  • Denial of Service Testing

  • Web Service Testing

  • Ajax Testing

The data obtained from the information gathering phase allows us to search for additional vulnerabilities or exploits that might not form part of the above controls but can be used to penetrate the system.

Our web application penetration testing methodology is adapted each year to ensure we are assessing vulnerabilities in line with the OWASP Top Ten threats. In 2017, these were identified as:

  • A1 Injection

  • A2 Broken Authentication and Session Management

  • A3 Cross-Site Scripting (XSS)

  • A4 Broken Access Control (as it was in 2004)

  • A5 Security Misconfiguration

  • A6 Sensitive Data Exposure

  • A7 Insufficient Attack Protection 

  • A8 Cross-Site Request Forgery (CSRF)

  • A9 Using Components with Known Vulnerabilities

  • A10 Underprotected APIs

Retests:

It is vital that our clients undertake a retest following their web application penetration test as part of their service. This is to ensure that all vulnerabilities in the applications they use have had the necessary controls applied and are no longer at risk of exploitation.

Retests are always clearly quoted within our proposal documentation. Each retest scans all areas identified as risks in our original report.
