Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities such as SQL injection to gain access to confidential information such as personally identifiable information.
While traditional firewalls and other network security controls are an important layer of defense, they can’t defend or alert against many of the attack vectors specific to web applications.
Best practice suggests that an organisation should perform a web application test in addition to regular security assessments in order to ensure the security of its web applications.
Our testing methodology is based on the Open Web Application Security Project (OWASP) methodology, which includes:
- Injection Attacks
- Under-protected APIs
- Cross Site Scripting Attacks
- Input Validation Attacks
- Password Cracking
- Cookie Theft
- User Privilege Elevation
- Web Application Server Insecurity
- Third Party Software Vulnerabilities
- Database Vulnerabilities
- Privacy Exposures
Svitsec’s web application testing methodology is performed using manual techniques and automated tools to ensure total application coverage.