Web Application Security Assessment (WASA)

Credentialed and/or non-credentialed vulnerability assessment and penetration testing of web-based and intranet applications to validate security and protection against outside attackers, malware, privilege escalation and account hijacking. Testing covers injection (URL, SQL, LDAP, cookie, etc.), authentication, session management, cross-site scripting, object/function access control, data exposure, misconfigurations, vulnerable components/frameworks/libraries, forged redirects/forwards, cookie security, hashing and more. Includes OWASP Top 10 analysis.


Highlights

  • Web service/application testing
  • With and/or without credentials
  • Testing with a cross section of best-of-breed tools
  • Manual validation and penetration testing using expert, state-of-the-art techniques and methodologies
  • Vulnerability targets:
    • Lateral and vertical privilege escalation
    • Injection (SQL, LDAP, URL …)
    • Authentication
    • Session management (Session Hijacking)
    • XSS/CSRF
    • Misconfigurations
    • Vulnerable components
    • Forged forwards and redirects
    • Malware
    • Buffer overflow
    • Logic flaws
    • And more
  • Test against OWASP Top 10
  • Remediation recommendations

Targets

  • Web applications
    • Users from all permission categories
    • Registration processes
    • Login pages
    • All links/URLs
    • All input fields
    • Application workflows
  • Privileged objects and functionality
