Web Application Testing

Web Application Penetration Testing, sometimes referred to as WebApp PenTesting, is the act of simulating an attack on or through a web site or internet application.  WebApp’s are everywhere today and more and more attacks begin with a vulnerability in an internet facing website.

Today’s market is driving companies to produce web content at an alarming pace.  It’s important to test these applications frequently; seemingly minute changes in the code can expose gaping vulnerabilities and allow attackers a foot-hold into your environment.

Depending on the security budget and awareness of your organization these tests can range from a simple scan for known vulnerabilities to a manual test searching for application and business logic flaws.

 

If your applications have never been tested or are tested infrequently we recommend starting with a semi-automated test.  A PenTester at NBG Networks will run a scanner against your application and then manually test some of the controls that more frequently fail.

These tests reveal items such as:

• SQL Injection
• Cross-Site Scripting
• Cross-Site Request Forgery
• Login Bypass Vulnerabilities
• Comments in Code
• Common directories with logs and administrative content
• Known exploitable code

More Advanced manual testing will reveal items such as:

• Programming logic flaws
• Bespoke coding vulnerabilities
• Harder to find blind SQL injection issues
• Other less obvious flaws

During advanced tests, it’s often helpful if you can provide NBG Networks with the code for a code review or access to the server.  Server access generally speeds up the process of reviewing a web application, while still accurately portraying an attacker.  Your company has a limited time and budget to test these applications but attackers do not.

Please go to the Contacts Section if you would like additional information.