Web Application Penetration Testing, sometimes referred to as WebApp PenTesting, is the act of simulating an attack on or through a website or internet application. WebApps are everywhere today, and more and more attacks begin with a vulnerability in an internet-facing website.
Today’s market is driving companies to produce web content at an alarming pace. It’s important to test these applications frequently; seemingly minute changes in the code can expose gaping vulnerabilities and give attackers a foothold in your environment.
Depending on the security budget and awareness of your organization, these tests can range from a simple scan for known vulnerabilities to a manual test searching for application and business logic flaws.
If your applications have never been tested or are tested infrequently, we recommend starting with a semi-automated test. A PenTester at NBG Networks will run a scanner against your application and then manually test some of the controls that fail more frequently.
- SQL Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- Login Bypass Vulnerabilities
- Comments in Code
- Common directories with logs and administrative content
- Known exploitable code
- Programming logic flaws
- Bespoke coding vulnerabilities
- Harder to find blind SQL injection issues
- Other less obvious flaws
Please go to the Contacts Section if you would like additional information.