Security Audit

  • Category: Penetration Testing
  • Standards followed: OWASP TOP10, SANS25, OSINT

Web Application Penetration Testing

Web applications provide the interface between our most sensitive assets: data and users. Maintaining an online presence has always been a risk. Web applications can be a serious security threat to the organization, as even unauthorised users have the advantage of ‘quick’ and ‘seamless’ access to critical business data, making your organization more vulnerable to major security risks. What’s even worse? The vulnerabilities in web applications are generally much easier to locate and exploit.

A vulnerability can lie in the least expected places. An insecure website could pave the way for an attacker to get inside your organization. Alpha Threat therefore adopts the globally recognised OSINT, OWASP and SANS 25 methodologies for the audit activity. The audit considers not only security vulnerabilities but also logical flaws that could directly affect the functioning of the application and the business.

Types of Penetration Testing:

  • BlackBox Testing: Testing based on limited or no knowledge of the application. This emulates a real-life attack scenario.
  • WhiteBox Testing: Testing based on privileges provided for the application, such as standard user and admin rights. This also helps in finding vulnerabilities that could lead to user impersonation and privilege escalation.


  • WEB APP PENETRATION TESTING METHODOLOGY


    Defining Scope

    Scoping includes interaction with the client and defining the parts and subdomains of the application that need to undergo audit.

    Reconnaissance

    This phase covers information gathering. A mix of techniques, including enumeration and OSINT, is applied. This helps to gather intelligence such as exposed data, data breaches, misconfigurations, etc.

    Penetration Testing

    This phase includes the real attacks on the web application. It reveals underlying vulnerabilities like SQL injection, XSS, privilege escalation, etc.

    Reporting / Remediation

    This phase includes submission of a report of the findings and support for developers in patching them.

    DELIVERABLE


    The key deliverable from the testing is a detailed report explaining:
  • A full list of found vulnerabilities
  • Details on the Type of Vulnerability and its impact
  • List of affected applications and pages
  • Proof of Exploitation with attached screenshots
  • Recommendations on neutralising identified vulnerabilities
  • Complementary security measures that can be implemented by the organisation
    Vulnerabilities are risk-ranked to prioritise remediation.
  • Contact

    Got Questions? We are just an email away!

    Location:

    Bangalore,
    India

    Call:

    +91 93685 75559
