Leaders Through Innovation
Web Application Penetration Testing identifies vulnerabilities that could be exploited through online cyber attacks. Exploitation can result in the theft of information and irreparable damage to your systems.
Xyone uses the Open Web Application Security Project (OWASP) Testing Guide v3.0 for conducting penetration testing of web-based applications. The active test is split into 9 sub-categories for a total of 66 controls. The 9 sub-categories are:
Configuration Management Testing
Business Logic Testing
Authentication Testing
Authorisation Testing
Session Management Testing
Data Validation Testing
Denial of Service Testing
Web Service Testing
AJAX Testing
The data obtained from the information gathering phase allows us to search for additional vulnerabilities or exploits that might not form part of the above controls but can be used to penetrate the system.
Our web application penetration testing methodology is adapted each year to ensure we are assessing vulnerabilities in line with the OWASP top ten threats. In 2017, these were identified as:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Broken Access Control (As it was in 2004)
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs
Retests:
It is vital that our clients undertake a retest of their web application as part of their penetration testing service. This is to ensure that all vulnerabilities identified in their applications have had the necessary controls applied and are no longer at risk of exploitation.
Retests are always clearly quoted within our proposal documentation. Each retest scans all areas originally identified as risks in our original report.
We provide a comprehensive range of penetration testing, certification, information security consultancy and managed services for SMEs, public sector organisations and larger corporates looking to protect their business and enhance overall security of their IT systems.
Our specialists will help you identify and manage risks around your various data assets to give you, your employees and your customers much greater peace of mind.
Contact us today to learn more about how we can help you, or have a look at what we do to learn more about our services.