Web Application Penetration Testing is About Protecting Sensitive Data

Web Application Pentesting

Web Application Penetration Testing ultimately aims to determine whether malicious attackers could compromise the security of your system. Its purpose is to protect sensitive data. In contrast to Infrastructure Penetration Testing, you often select only one or a very few applications to test.

The goal is to remove vulnerabilities, so that key applications are better protected and your company's key business processes operate more reliably.

Generic Process with a Web Application Twist

At Seculyze, we use the generic Penetration Testing Process as depicted in the overall pentesting offering. Two main phases are further split into sub-phases to describe the special nature of Web Application Penetration Testing.

  • Phase 2: Discover is divided into the subphases 2a: Map and 2b: Discover
  • Phase 3: Attack is divided into the subphases 3a: Access and 3b: Exploit
Figure: Web Application Penetration Testing process. Four generic phases, based on the generic process from NIST SP 800-115, two of which are divided into sub-phases in the Web Application Penetration Testing process.

OWASP and Web Application Penetration Testing

A key framework that Seculyze uses in web penetration testing is the OWASP Top 10. Seculyze will always use the ten most common risks as the basis for the web application penetration test and, together with you, define any additional risks that should be tested for.

The OWASP Top 10 risks for 2021 are listed here. Seculyze uses the list in several phases of Web Application Penetration Testing. You can find the most recent version of the Top 10 most common vulnerabilities on OWASP's website.

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery

Contact

Kristian Jacobsen

CTO

+45 61792740

kristian@seculyze.com
