Web Application Penetration Testing
A penetration test of your website identifies application-level vulnerabilities that may be exploited by an Internet-based attacker.
Like most businesses and organisations, your website is perhaps one of your most valuable assets. Providing your customers and users with a safe and secure online experience is now more important than ever before, so that the reputation of your business is maintained and you instill confidence in your customers.
Cyber-attacks against websites and web applications continue to be one of the most common causes of data breaches against organisations. While many of these attacks are automated, and in many cases are not aimed at a specific target, there has been a significant increase in sustained and targeted attacks against websites by cyber-criminals, hacktivist groups and organised criminal gangs. The motives behind most targeted website attacks range from website defacement, malware injection, Denial of Service (DoS) or attempting to gain access to backend databases containing sensitive information.
Conducting a penetration test of your organisation’s web application, allows you to identify flaws that are present in the underlying code, which may result in exploitable vulnerabilities being present.
Siege Cyber has extensive experience in application-level penetration testing for a wide range of customers. Our consultancy team are adept at identifying the latest web vulnerabilities in your website or application, so you can apply effective security measures to reduce the likelihood of a security breach.
Using a combination of automated and manual testing, our consultant(s) will conduct a thorough assessment of your web application, identifying vulnerabilities that may be exploitable by both unauthenticated and authenticated users. The use of automated tools and scripts combined with an in-depth manual testing approach, allows us to efficiently and accurately test your application and maximise the level of testing that can be performed in the time available. All application testing will be conducted in line with the current standards and methodologies produced by the Open Web Application Security Project (OWASP).
In addition to the common vulnerabilities listed above, we also conduct testing around the following areas:
- Information Gathering
- Configuration & Deployment Management
- Identity Management
- Session Management
- Input Validation
- Error Handling
- Business Logic
- Client Side Scripting
In order for us to be able to perform a penetration test of your web application, we will require the following prior to the test commencing:
- A signed and completed Testing Consent Form.
- URL(s) of the application(s) to be tested.
- Two sets of credentials for each user role to be tested.
- If a Web Application Firewall (WAF) resides in front of the application, we will need this to be disabled or Siege Cyber’s IP address range to be ‘whitelisted’ for the duration of the testing. This ensures that the WAF does not interfere with the testing and allows us to provide you with an accurate set of results.