Exploring web application security
Targeting your Web Application
You can’t go far on the Web today without using a web application. They’ve become ubiquitous: they are how many of us shop, find a plumber or even a partner.
When web applications became established, it quickly became apparent that they brought with them new types of security flaws. As time passed these have morphed, but they remain, and new types and combinations of technologies have added new classes of attack.
Understanding the process
What are the typical stages?
Typically, we assess web applications by starting at the edge and going inwards. This generally means carefully assessing the outside features and services, including all the technologies used to support the application. These may be, for example, site search and product search features. Once all the peripheral features are assessed, the inner workings are assessed; these may include, for example, the ability to order products or request a refund.
Web applications can be large and complex, so although we use automation where required, much of the testing is manual.
What type of findings have you made in the past?
To give a flavour of issues detected in the past: during a web application assessment of a site used to communicate the medical care given to children, it was found to be possible for one parent to view details of care given to another child. This is an example of an issue which would not be immediately obvious and could go unnoticed until the application was subjected to comprehensive and detailed penetration testing.
Take Action Today
Protect Your Organisation with Penetration Testing
Get started with a comprehensive penetration test today and fortify your organisation against cyber threats.