Web Application Testing

Web Application Penetration Testing, sometimes referred to as WebApp PenTesting, is the act of simulating an attack on or through a web site or internet application. WebApps are everywhere today, and more and more attacks begin with a vulnerability in an internet-facing website.

Today’s market is driving companies to produce web content at an alarming pace. It’s important to test these applications frequently; seemingly minute changes in the code can expose gaping vulnerabilities and allow attackers a foothold into your environment.

Depending on the security budget and awareness of your organization, these tests can range from a simple scan for known vulnerabilities to a manual test searching for application and business logic flaws.


If your applications have never been tested or are tested infrequently, we recommend starting with a semi-automated test. A PenTester at NBG Networks will run a scanner against your application and then manually test some of the controls that more frequently fail.

These tests reveal items such as:

  • SQL Injection
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Login Bypass Vulnerabilities
  • Comments in Code
  • Common directories with logs and administrative content
  • Known exploitable code

More advanced manual testing will reveal items such as:

  • Programming logic flaws
  • Bespoke coding vulnerabilities
  • Harder-to-find blind SQL injection issues
  • Other less obvious flaws

During advanced tests, it’s often helpful if you can provide NBG Networks with the code for a code review, or with access to the server. Server access generally speeds up the process of reviewing a web application while still accurately portraying an attacker. Your company has a limited time and budget to test these applications, but attackers do not.

Please go to the Contacts Section if you would like additional information.
