What is Application Testing?
Application Testing allows an organisation to evaluate the security of its applications against the latest threats.
These assessments help identify vulnerabilities such as SQL Injection and Cross-Site Scripting within web applications, as well as privilege escalation and buffer overflow issues within ‘thick clients’.
Cognisys consultants have many years of experience in application security which allows us to understand and evaluate your application comprehensively.
Our Approach to Web Application Pen Testing
Our approach includes assessing an application for potential vulnerabilities, using both automated and manual techniques, followed by exploitation of the vulnerabilities discovered to understand the scope of the risk. These findings are verified to make sure no false positives are reported.
No dangerous testing or exploitation of vulnerabilities will be conducted without authorisation from the client. Our tests follow the methodology outlined by the Open Web Application Security Project (OWASP) and Open-Source Security Testing Methodologies.
Along with assessing the actual technical risk, our consultants use root cause analysis techniques to help your organisation mitigate the issues as quickly as possible. This will help reduce the risk posed to users of your applications and also the likelihood of the next ‘hacking’ headline being related to your company.
After reporting the issues discovered during the tests, our consultants are also available for further follow-up calls to clarify certain issues or help your organisation understand the risks posed.
Our service can be fully tailored to the needs of your business, with reporting delivered in your preferred format where possible.
What Web Application Penetration Testing Involves
The following high-level areas are included within the application assessment:
- Web server configuration
- Cryptography and communication mechanisms
- Authentication and authorisation
- Session management
- Input and output validation
- Business logic
- Data storage security (where possible)
Assessment steps
- The application is evaluated, with a manual walkthrough designed to identify functionality and key areas to focus on.
- The assessment commences, utilising manual and automated techniques.
- The assessment is documented in a simple, easily digestible format.