Application Penetration Testing
An application penetration test focuses on the application layer of the application in scope.
The objective is to identify security weaknesses that could be exploited by motivated malicious individuals to gain unauthorised access to systems or data.
Our Web Application testing methodology is based on the OWASP Top Ten but also goes above and beyond this to incorporate many bespoke testing methodologies that our consultants have designed over many years of carrying out these types of test.
GRC3D examines what is predominantly accessed over HTTP or HTTPS and attempts attacks that the traditional network firewall isn’t designed to protect against. Whilst some automated tools can find some issues, no web application can be reliably and fully tested using automated tools only; web applications require testing by experienced consultants.
Depending on the application, we perform appropriate testing in the following areas:
- Authentication and Authorisation
- Account and Session Management
- Cross Site Request Forgery (CSRF)
- SQL and Script injection attacks
- Meta character stripping
- Parameter tampering
- Forceful browsing
- Form posting vulnerabilities
- Character bounds checks
- Buffer overflow checks
- Cross-site scripting
- Source code disclosure
- Back doors and debugging options
- Third-party misconfigurations and insecure default configuration settings
- Known software vulnerabilities
- Code Reviews