SynerComm provides the following web application testing services:
Web Application Penetration Testing
The objective of a Web Application Penetration Test is for SynerComm to achieve a specific goal, such as stealing customer data or performing an unauthorized transaction, by attacking a web application. A web app penetration test generally goes as follows:
- The penetration tester performs reconnaissance on the target company and web application, looking for information about which vulnerabilities are likely to exist in the web app.
- Targeted testing is performed against the web application, focused on likely vulnerabilities and using techniques that reduce the likelihood the tester will be detected.
- If a vulnerability is found, the penetration tester will “exploit it”, or use the vulnerability to achieve their final goal or otherwise gain further access to the system.
The penetration test simulates what an actual attacker would do if they were trying to penetrate your web application. In this way the pen test is also a test of the people, systems, and processes you have in place to prevent, detect, and respond to these types of attacks. A Web Application Penetration Test report generally includes the vulnerabilities that were found, how they were exploited, and the extent of access and success the penetration tester was able to achieve.
Web Application Vulnerability Assessment
The objective of a Web Application Vulnerability Assessment is for SynerComm to attempt to identify as many serious vulnerabilities as possible in a web application. A web app vulnerability assessment generally goes as follows:
- A scan is performed to map out and inventory the website and its embedded applications, forms, and links.
- A web vulnerability scanner is run against the web application, testing for misconfigurations and thousands of known and common vulnerabilities.
- Manual testing is performed to validate the scanner’s findings and to detect vulnerabilities that wouldn’t be tested for by the scanner.
- Vulnerabilities that are found are not exploited, just reported.
The report of a vulnerability assessment generally contains a list of the vulnerabilities found, including information about the severity, impact, and recommendations for resolving each vulnerability.
Web Application Audit
A web application audit is a more holistic look at the environment and processes that impact the security of the web application. Aspects of a web application audit may include:
- Web Application Vulnerability Assessment
- Source Code Review
- Code development, versioning, testing, and deployment process review
- Back end server and database vulnerability assessments
- Review of hosting architecture including web platform, firewall and DMZ config
- Authorization, Access Control, Session Management, and Encryption framework reviews
- Acquisition and cloud host/third party vendor management
Which type of test is right for you?
Most of our clients choose a combination of the activities involved in each type of test above. We do not take a cookie-cutter approach to our web application testing services. Instead we listen and learn about your application testing needs and customize a statement of work to meet your specific requirements.
Why should I choose AssureIT for my web application test?
SynerComm AssureIT’s strength lies in our talented and experienced security consultants, who have backgrounds in audit, penetration testing, software development, network administration, and network and web application security. Unlike many other security companies, we will not just run a scanner and hand you the report. We perform automated and manual testing using state-of-the-art techniques and commercial web application testing tools to provide accurate and comprehensive testing of your web application.
What types of vulnerabilities do you test for?
SynerComm AssureIT’s web application testing generally starts with the OWASP Top 10 Application Security Risks, covering topics such as injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), authentication, session management, access control, encryption, and server configuration. We then extend our activities to manual and automated tests outside of the OWASP Top 10, looking for flaws in areas such as application logic, variable handling, third party software libraries, server patching and hardening, and information disclosure, among others.
How much does a web application vulnerability assessment or pen test cost?
Web Application security tests vary greatly based on the scope and nature of the application and your requirements and reason for testing. For a basic estimate, please use our Web Application Penetration Testing Cost Estimator. You can also use the form at the right to contact us and request a quote today.
