Web Application Penetration Testing
Similar to traditional network penetration testing, our web application penetration testing service is designed to identify and report upon the vulnerabilities that exist within a web application. Vestige’s web application penetration tests are designed to identify weaknesses within the configuration, functions, coding and overall environment in which a web application is hosted. In whole, the testing measures a number of different elements, but at its core the focus is on what potential damage an unauthorized individual or an individual exceeding authorization could have on the data and functionality of the web application.
While Vestige uses the Open Web Application Security Project (OWASP) framework we complement it with our experience garnered from years of performing such tests as well as experience learned from our Incident Response engagements. In particular, the OWASP framework addresses vulnerabilities that are often exploited, including:
- Broken Access Control
- Cryptographic Failures
- Injection-type Attacks
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
Contact Vestige today to discuss Web Application Penetration Testing for your organization.