BOOK A DEMO

Web Application Penetration Testing

Web application testing measures the security posture of your website and/or custom developed application. We perform full unauthenticated and authenticated testing based on strict OWASP guidelines. Our engineers focus on identifying weak points across the entire web application to ensure your applications and data stay safe. Testing activities include hunting OWASP Top 10 Vulnerabilities, website mapping and enumeration, testing for injection attacks (SQL, JavaScript, LDAP, etc.), testing for remote code execution, malicious file upload abuse testing, and more.

All testing performed follows the OWASP v5 guidelines and checklist.

The following tools are commonly used during our web application assessments:

  • Burp Suite Pro
  • Nessus/OpenVas/Nuclei Vulnerability Scanner
  • Nmap
  • Nikto
  • Dirbuster / Dirb / Dirsearch
  • sqlmap
  • BeEF
  • Metasploit
  • Qualys SSL Scanner
  • BuiltWith / whatweb
  • Manual Review

How We Do It

Our Methodology

All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v5), and customized testing frameworks.

Kick-Off-Meeting

Customer goals are gathered and rules of engagement obtained.

Discovery

We proceed to perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits

Vulnerability Analysis

Perform Automated and manual vulnerability discovery and correlate findings with threat intelligence.

Exploitation/Attack

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

Remediation Validation

We re-test vulnerabilities after fixes to validate security improvements and provide confirmation of closure

Reporting

Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Thorough Testing

Activities performed during web app penetration testing include, but are not limited to:

OWASP Top-10 critical security flaw testing

Website mapping

Malicious file uploads and remote code execution

Password attacks and authentication bypasses

Session attacks

Vulnerability scanning and exploitation

Automated and manual injection testing (XSS, SQL, etc.)

Directory traversal testing

Other testing depending on specific customer content and footprint

See What We Can Do For You

Download a sample penetration test report to see the results we can deliver for your organization. 

DOWNLOAD

Cyber Threats Don’t Sleep. Neither Do We. Get Protected Now!

Talk To An Expert: +267 - 74657500

Ready to Get Started?

See How We Can Secure Your Assets

Let's talk about how cIG can solve your cybersecurity needs. Give us a call or submit your information below and our representative will be in touch to help you build a more resilient security operation today.

Call Us On: +267 - 74657500 | Email: info@cyberintrustionguard.com