Web Penetration Testing
Web Penetration Testing
Our penetration testing team will combine manual penetration testing techniques with automated tools which will ensure the best coverage and detection rate of potential vulnerabilities.
The testing process consists in test scenarios focused on areas such as injection flaws
During every Web Application assessment we perform the following steps in order to deliver quality services to our customers:
Building a Threat Model
An threat model will be created to explore assets, threats, attack vectors and conditions required for successful attack. To perform this, our experts will investigate the architecture of the applications, the involved technology as well as the key security requirements and threats. This step might involve techical meetings and discutions with key personnel from the customer’s staff.
Building an evaluation plan
The next step involves reviewing threat model results performed by our certified penetration testers and generate test scenarios to cover possible threats. The test scenarios custom to your web application’s specifics will be combined together with OWASP’s testing methodology to generate a test plan that will guide the attack and test execution process, ensuring every avenue of attack is thoroughly covered.
Executing the evaluation
In the third step the actual attacks scenarios are performed, as they are described in the test plan resulting in one or more vulnerabilities that will be identified. All the identified vulnerabilities will be carefully documented, preserving evidence and describing necessary steps to reproduce them.
Creating the report and present it to the Customer
This is the final step of the assessment and one of the most important in the process. We believe that quality reporting of the identified vulnerabilities along with practical remediation recommendations ensures the project’s success. Also, the impact and severity scores associated with each vulnerability will be thoroughly explained from both management and technical perspectives.
Web Pentration testing will present the real-world attack vectors that could impact your web application’s valuable assets. A pentest should ultimately reveal you how effective your security controls are against these attacks.
Dynatech’s Web penetration testing services comply with Open Web Appliction Security Project (OWASP) testing methodology and Application Security Verification Standard (ASVS) completed with custom tests specific to your own web application’s workflows and business logic. We provide Black-Box, Grey-Box or White-Box testing approaches to meet your specific needs.
Our web penetration testing methodology is based on the following industry standards:
Open Web Application Security Project (OWASP) Testing Guide
Technical Guide to Information Security Testing and Assessment (NIST 800-115)
The Penetration Testing Execution Standard (PTES)
Payment Card Industry (PCI) Penetration Testing Guidance
