The Advanced Lab
Web Application Testing
Web application testing is conducted on an application you own. Testing can be completed unauthenticated, authenticated, or as a combination of both. During this type of test, the penetration testing team focuses on the following:
- SQL injection vulnerabilities
- Input sanitization issues
- Cross-Site Scripting (XSS) vulnerabilities
- Cross-Site Request Forgery (CSRF) vulnerabilities
- File Upload vulnerabilities
- String format vulnerabilities
- Variable manipulation issues
- Error message over-disclosure, ViewState/cookie over-disclosure
- XML External Entity Injection attacks
- Identify unknown vulnerabilities
- Check the effectiveness of the existing security policies
- Test publicly exposed components, including firewalls, routers, and DNS
- Determine the most vulnerable route for an attack
- Look for loopholes that could lead to data theft