Our objective of web application security testing is to quantify the level of security exposure in your web application environment. The assessment consits of automated as well as manual testing techniques which identifies application and business logic related vulnerabilities.

Our application security assessment methodology is designed around the following well known security assessment guides such as OWASP, OSSTM, WASC and NIST standards.

Web application security testing at Cibernetica, undergoes the following stages:

Automated Application Testing:

• Asses the web application using well known automated testing tools (such Brup suite, Acunetix, ZAP, Nikto)
• Performing Authenticated / Unauthenticated (Black-box / Grey-box) scans
• To avoid disruption of service of an application we perform safe (Non-intrusive) scans
• Save all vulnerability results for future reference.

Manual Application Testing:

• Our security experts understands the working of entire web application
• Identifying potential security risks, and Threat to the application
• Experts manually develop specific test-cases for your web-application logic
• Excuting the test-cases to validate security vulnerabilities through application penetration testing
• False positive removal, manually verify all the dectected vulnerabilities and their impact
• Re-testing the application for confirmation of fixes, if required

Reporting

Our custom developed reports provide application specific details along with step-by-step fix information.

Some unique aspects of our reports are:

• Detailed fix information and configuration details for your development language and platform
• Multiple fixes and workarounds to help you find the best possible solution
• Coordinating with developers to fix the reported findings, if required