Web application security tests (penetration tests)
Purpose
Security audit of the web application and the server on which the website is running, in order to find vulnerabilities that could, for example, threaten the confidentiality of customer data or affect the business.
Range of activities
Manual tests covering the most common and serious threat types (OWASP Top 10):
SQL injection
XSS (Cross Site Scripting)
CSRF (Cross Site Request Forgery)
Broken Authentication and Session Management (examination of the operation of sessions, cookies and attempts to bypass the login)
Authorization Bypass (attempts to access resources without user authentication)
Code Execution (attempts to execute malicious code on the server)
Information Leakage (attempts to detect leakage of important information from the server)
Insecure Communications (access to protected data without encryption, e.g. an administrative account over an unencrypted connection)
Source Disclosure (attempts to disclose the source code of the software used)
Path Traversal
Open Redirection
Denial of Service (DoS)
File Inclusion
Web server configuration verification:
Security of SSL encryption configuration
Analysis of vulnerabilities in the installed software