Web Application Pentest

A modern web application consists of a large number of components, each of which can contain vulnerabilities, so an attacker has correspondingly many attack vectors to choose from.

The OWASP Top Ten is a useful guideline for the individual tests to be performed; the list of possible vulnerabilities that we check in a web application test is, however, even more comprehensive.

As a rough outline, a test covers the following points:

  • Susceptibility to SQL injection
  • Susceptibility to XSS (cross-site scripting)
  • Search for files and folders with contents not intended for the public
  • Search for errors in the application that allow the output of non-public data or the execution of programs on the server
  • Search for misconfiguration (directory listing, SSL configuration)
  • Client data safety (logins, sessions, authorization matrix, encryption, etc.)

Our methodology is based on OSSTMM 3.0.

In case you have questions or would like to receive an offer for a security check of your web application, please contact us.