WEB APPLICATION PENETRATION TEST
Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities to gain access to confidential information most likely containing personally identifiable information.
While traditional firewalls and other network security controls are an important layer of any Information Security Program, they can’t defend or alert against many of the attack vectors specific to web applications. It is critical for an organisation to ensure that its web applications are not susceptible to common types of attack.
Best Practice suggests that an organisation should perform a web application test in addition to regular security assessments in order to ensure the security of its web applications.
CGF Web Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology which includes:
- Software Infrastructure/Design Weaknesses
- Input Validation Attacks
- Cross Site Scripting Attacks
- Script Injection Attacks (SQL Injection)
- CGI Vulnerabilities
- Password Cracking
- Cookie Theft
- User Privilege Elevation
- Web/Application Server Insecurity
- Security of Plug-In Code
- 3rd Party Software Vulnerabilities
- Database Vulnerabilities
- Privacy Exposures
Cyber Geek Force’s’ Web Application Penetration Tests are performed by experienced security engineers who have a vast level of knowledge and many years of experience testing online applications. CGF Web application testing metholdology is performed using the best of manual techniques and then using automated tools to ensure total application coverage. The methodology allows CGF’s consultants be consistent in finding vulnerabilities beyond what may be found with just automated scanning tools.