What is Web Application Security Testing?
Web application security testing, also known as web application penetration testing, is typically used by clients who need assurance that their high- and medium-risk web applications are implemented with appropriate security controls.
The objective of a web application security test is to uncover vulnerabilities in the application, and underlying platform, which may allow an adversary to perform malicious activity. Web application security tests are generally conducted remotely.
Overview of our service
Our first activity in the web application security testing process is to establish the specific threats which each application must be able to defend against. Having completed this step, we then test to find weaknesses which may make these threats exploitable. As part of this service, we also benchmark the web application against the globally accepted security standards. See Web Application Security Certification.
Our penetration test focuses on the goals of the adversary - what does he want to achieve?
After studying the application, the Test Engineer prepares a threat profile and agrees it with the client. The threat profile drives the test plan, which maps each threat in the threat profile to specific pages on the site.
Once the test plan is prepared and agreed by a Test Team Leader, the testing begins. The tests are a combination of manual and automated checks. When an attack succeeds, we capture the screenshots of the attack. Our final report walks through the attack with the aid of these screenshots.
Within the report, the final results are clearly benchmarked against the OWASP Top 10 (for PCI DSS), the Plynt Certification Criteria (Web Security Assurance Programme) or the client's internal security standards.
Our engineers test applications written for a wide range of platforms, from J2EE to .Net, and from mobile applications to mainframe applications.
Key service attributes
Our web application security testing and certification service has received multiple industry awards.
- Comprehensive threat profiling provides clarity of your real security risks
- Measurement and certification against global standards provides credible security benchmarking
- Zero false positive findings - human intelligence is used to verify each finding, allowing you to effectively focus on fixing the real issues
- Highly mature testing process provides exhaustiveness and consistency
- Reporting is detailed and transparent, showing exactly what has and hasn’t been tested
- Web Application Security Certification programme provides evidence of strong web application security controls
What you receive
The results of the tests are presented logically and clearly and are provided through an online secure portal (also downloadable as a PDF). The test report includes the following details:
- Executive summary
- Regulation compliance
- Vulnerability graph
- Detailed vulnerabilities
  - Detailed steps
  - Further reading
- Unconfirmed vulnerabilities
  - Detailed steps
  - Further reading
- Test plan
- Interpreting risk ratings
- Mitigation tracker
- Plynt Certification Criteria compliance
- The OWASP Top 10
- PCI DSS Compliance
The reports provide a view of the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and concise solutions are included to help you quickly eliminate all vulnerabilities found.
What to do next
Contact us on 020 7148 7475, email us at email@example.com or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.