Web Application Security Assessment (WASA)

Credentialed and/or non-credentialed vulnerability assessment and penetration testing of web-based and intranet applications to validate security and protection against outside attackers, malware, privilege escalation and account hijacking. Testing covers injection (URL, SQL, LDAP, cookie, etc.), authentication, session management, cross-site scripting, object/function access control, data exposure, misconfigurations, vulnerable components/frameworks/libraries, forged redirect/forwards, cookie security, hashing and more. Includes OWASP Top 10 analysis.

Highlights
  • Web service/application testing
  • With and/or without credentials
  • Testing with cross section of best-of-breed tools
  • Manual validation and penetration testing using expert, state-of-the art techniques and methodologies
  • Vulnerability targets:
    • Lateral and vertical privilege escalation
    • Injection (SQL, LDAP, URL …)
    • Authentication
    • Session management (Session Hijacking)
    • XSS/CSRF
    • Misconfigurations
    • Vulnerable components
    • Forged forward and redirects
    • Malware
    • Buffer overflow
    • Logic flaws
    • more
  • Test against OWASP Top 10
  • Remediation recommendations
Targets
  • Web applications
    • Users from all permissions categories
    • Registration processes
    • Login pages
    • All links/URLs
    • All input fields
    • Application workflows
  • Privileged objects and functionality

Need More Information?

How well is your company protected against a Malware or Ransomware attack? Contact us for a free Ransomware Simulation and validate your preparedness.

Contact Us