Web Application Security Test

 
 

Web Application Security Test

Identify vulnerabilities in a web application and its resilience to cyber attacks

Improsec delivers an independent security test of a web application. Our in-depth technical tests will uncover vulnerabilities in the application, assess their impact and provide detailed recommendations on remediation.

Value

  • Identify vulnerabilities in a web application and its resilience to cyber attacks

  • Determine if the web application is developed in accordance with best practices

  • Recommendations on how to strengthen the level of security and how hardening of the web application can be applied

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the web application

Method

Our methodology is based upon our extensive experience within security testing of web applications and is further supported by the OWASP framework and NIST guidelines for security testing. The methodology is specifically made for web application testing and covers areas such as:

  • Information Exposure

  • Configuration and Deployment Management

  • Identity Management

  • Authentication Mechanisms

  • Authorization Mechanisms

  • Session Management

  • Input Validation

  • Error Handling

  • Cryptography

  • Business Logic

  • Client-Side Attack Vectors

The test is performed as a combination of creative manual test actions and automated scans.

Involvement

The delivery requires minimal involvement of your technical staff.


 
 

Download full description as PDF file