Web Application Testing

Web Application testing is conducted on an application you own. Testing can be completed unauthenticated, authenticated, or a combination of both. During this type of test the Penetration Testing team will be focused on the following:

• SQL injection vulnerabilities
• Input sanitization issues
• Cross-Site Scripting (XSS) vulnerabilities
• Cross-Site Request Forgery (CSRF) vulnerabilities
• File Upload vulnerabilities
• String format vulnerabilities
• Variable manipulation issues
• Error message over-disclosure, Viewstate/cookie over-disclosure
• XML External Entity Injection attacks
• Identify unknown vulnerabilities
• Check the effectiveness of the existing security policies
• Test publicly exposed components, including firewalls, routers, and DNS
• Determine the most vulnerable route for an attack
• Look for loopholes that could lead to the data theft