A modern web application consists of a large number of components, each of which can contain vulnerabilities, so an attacker has correspondingly many possible attack vectors.
The OWASP Top Ten serves as a guideline for the individual tests to be performed; the list of possible vulnerabilities that we check for in a web application test is, however, considerably more comprehensive.
The following points give a rough outline:
- Susceptibility to SQL injection
- Susceptibility to cross-site scripting (XSS)
- Search for files and directories whose contents are not intended for the public
- Search for application errors that allow non-public data to be disclosed or programs to be executed on the server
- Search for misconfigurations (directory listing, SSL configuration)
- Protection of client data (logins, sessions, authorization matrix, encryption, etc.)
Our methodology is based on OSSTMM 3.0.
In case you have questions or would like to receive an offer for a security check of your web application, please contact us.