Web application penetration test

A web application penetration test analyses the security posture of web-based applications by reproducing steps that an attacker would take to break into and manipulate the software or the systems on which the application resides.

Not only do we find the usual application security vulnerabilities such as code injection and privilege escalation issues, but our methods also recognise any weaknesses specific to your custom software, including business logic flaws.

Our team relays the findings in the context of your web application, and the final report presents all the issues and recommendations in a clear, understandable and logical way.

Key benefits of web application security tests

  • Find and fix vulnerabilities to secure your website or web application and decrease the chances of a successful cyber breach

  • Recognise previously undiscovered security issues that pose a threat to the confidentiality, integrity and availability of your website or web application via regular security audits

  • Give users, clients, partners and stakeholders the confidence that you have a strong cyber security posture by sharing your penetration testing report

  • Efforts and budget become more focused, addressing the most important security issues and critical vulnerabilities first

  • By testing regularly, you constantly improve the security of your web application and protect your business from the ever-changing threat landscape

  • Create a cyber security benchmark that you can score your web application against after every penetration test

Our web application penetration test approach


1. Understanding the web application

It is vital that our analysts understand the full functionality of your website or web application in order to comprehensively test it. This stage involves browsing the application, reviewing user manuals and, if necessary, a walkthrough of the application with your developers.

2. Network assessment

In this step our analysts identify any misconfigurations in the firewall settings which may lead to an increased attack surface. Exposure over the TCP, UDP and ICMP protocols is also tested during this phase of the web application penetration test.

3. Infrastructure assessment

No web application security test is complete without a thorough assessment of its supporting infrastructure.

Our penetration testers use an extensive range of tools to assess the hosting infrastructure and ensure the correct enforcement of security policies, including password policies, patch management and server hardening.

4. Web application assessment

In this final phase of the web application security assessment, we analyse the application to uncover the posture of elements such as access control, authentication, session management, data validation and more.

We combine automated testing, to discover known vulnerabilities, with manual testing by experienced specialists to uncover previously unknown (zero-day) flaws. Amongst others, we test against the OWASP (Open Web Application Security Project) Top 10 vulnerabilities.

5. Penetration test reporting

You are provided with a detailed report of your test results. Each vulnerability is detailed with a description, risk level, enumeration details and vulnerability IDs such as CVE-ID and Bugtraq-ID. Most importantly, we provide clear recommendations for mitigation.

What happens next

1. We'll schedule a preliminary phone call to learn about your challenges

2. You'll outline your needs and highlight any relevant applications in a scoping questionnaire

3. We'll review the results and send a detailed proposal outlining the service and pricing

4. You'll let us know when to proceed

5. We'll schedule a convenient start date and begin gathering the required technical information in advance


Our Accreditations

  • CREST STAR
  • Cyber Essentials Certification
  • G-Cloud Supplier


Frequently Asked Questions


Will the penetration test affect the availability of our service?

The application testing phase should have little to no impact on the functionality and user experience of the site. If potential Denial of Service vulnerabilities or memory-based overflow situations are identified which could cause application components to be rendered inoperable or non-performant, the technical contact will be informed and an appropriate operational window identified for further testing (e.g. system quiet times).

Do you have experience penetration testing web applications similar to ours?

It is highly likely that we have tested web sites and services similar to your own. We have tested thousands of applications for organisations from a range of sectors including:

  • Financial services
  • Insurance
  • Retail
  • E-commerce
  • IT service providers
  • Oil & gas
  • Government
  • Global consultancy and audit firms

Why do you ask for URL and login credentials?

Or: shouldn't you be able to find all this information for yourself and identify our systems and their vulnerabilities?

We conduct ethical hacking exercises. This means we are bound by law, ethics and a code of conduct from our industry body (CREST). We therefore do not carry out certain activities that hackers would. Providing this information also allows us to deliver a comprehensive test in a shorter time frame, which results in an affordable test for you.

Time is a less critical factor for a cyber criminal. Attackers will often take months or even years to prepare for an attack on an organisation. A real-life hacker would spend a considerable length of time performing reconnaissance to gain access to sensitive information about your people, processes and systems.

Instead, we start the simulation from the point at which your adversary has already gained a foothold in your system.

What types of attacks will be performed during a penetration test?

Attacks or tests will be primarily focused on the application and the hosting server, i.e. the web server and any other services exposed on that server.

Attacks include:

  • Injection attacks
  • XSS and XSRF
  • Path traversal attacks
  • Detection of conditions that would lead to phishing or malware propagation (including unvalidated redirects and forwards)
  • Request/response smuggling attacks
  • Attacks targeting weak authentication mechanisms (insufficient authentication, privilege escalation, default credentials, user registration process, forgotten password process, weak lock-out mechanism, credentials transmitted over an unencrypted channel)
  • Accessing another user's data (POST/GET parameter and cookie parameter manipulation, role impersonation using parameter overriding attacks)
  • Attacks targeting insecure session management (session fixation, predictable tokens, session expiration)
  • Attacks targeting the hosting platform (directory traversal, file upload, information leakage, testing for SSL vulnerabilities, testing for web server vulnerabilities, local file inclusion, remote file inclusion, HTTP security headers)
  • Attacks abusing business logic vulnerabilities resulting in a negative consequence for the organisation

Bespoke security testing

Minimising Cyber Security Risks

Our Security Testing Programmes help clients identify and mitigate the vulnerabilities within their infrastructure, processes and people. We design and conduct rigorous investigative engagements that locate and fortify weaknesses within technology, code and human behaviour.

We offer a broad range of standalone and managed security testing services, as part of both point-in-time projects and ongoing, integrated programmes.