Web Application Security Testing
Our experts are actively involved in identifying the world’s most critical web application security flaws through ongoing hands-on research and contributions to security projects such as OWASP TOP 10, Web Application Security Consortium Threat Classification and Common Vulnerability Scoring System (CVSS).
Primehack Web Application Security Tests involve detailed analysis of an application’s design, networking, operating system settings, external data sources, data warehousing, authorization mechanisms, and authentication components. We can perform an analysis from the perspective of an outside intruder ("black box") and by analyzing the source code itself ("white box"). And if you've already fallen victim to a web attack, or have detected any anomalies in your applications, we can provide incident response services to verify the problem. In all cases, our experts will provide detailed recommendations for fixing the flaws they find.
An assessment typically follows these steps:
Determine the analysis method (black box, white box, or a combination of both)
Conduct automated and manual audits and inspections for individual types of vulnerabilities
Analyze the characteristics of identified vulnerabilities
Create scenarios that could be used by an actual attacker, and build and execute simulated attacks
Attempt to exploit the most critical vulnerabilities through a series of coordinated attacks
Review logs from the web application to verify whether a suspected incident has occurred
Assess outcomes and present recommendations to address identified weaknesses
The key deliverable from our testing is a report containing:
Explanations for all identified vulnerabilities
Likely success/impact of hacker exploitation of the most critical vulnerabilities identified
Recommendations to mitigate the identified vulnerabilities