
Security Testing

What is Web Application Security Testing?

Web application security testing is also known as web application penetration testing and is typically used by clients who need assurance that their high- and medium-risk web applications are implemented with appropriate security controls.

The objective of a web application security test is to uncover vulnerabilities in the application and its underlying platform which may allow an adversary to perform malicious activity. Web application security tests are generally conducted remotely.

Overview of our service

Our first activity in the web application security testing process is to establish the specific threats which each application must be able to defend against. Having completed this step, we then test to find weaknesses which may make these threats exploitable. As part of this service, we also benchmark the web application against globally accepted security standards. See Web Application Security Certification.

Our penetration test focuses on the goals of the adversary - what does he want to achieve?

After studying the application, the Test Engineer prepares a threat profile and agrees it with the client. The threat profile drives the test plan, which maps each threat in the threat profile to specific pages on the site.

Once the test plan is prepared and agreed by a Test Team Leader, the testing begins. The tests are a combination of manual and automated checks. When an attack succeeds, we capture screenshots of the attack. Our final report walks through the attack with the aid of these screenshots.

Within the report, the final results are clearly benchmarked against the OWASP Top 10 (for PCI DSS), the Plynt Certification Criteria (Web Security Assurance Programme) or the client's internal security standards.

Our engineers test applications written for a wide range of platforms, from J2EE to .Net, and from mobile applications to mainframe applications.

Key service attributes

Our web application security testing and certification service has received multiple industry awards.
Comprehensive threat profiling provides clarity of your real security risks
Measurement and certification against global standards provides credible security benchmarking
Zero false positive findings - human intelligence is used to verify each finding, allowing you to effectively focus on fixing the real issues
Highly mature testing process provides exhaustiveness and consistency
Reporting is detailed and transparent, showing exactly what has and hasn’t been tested
Web Application Security Certification programme provides evidence of strong web application security controls

What you receive

The results of the tests are presented logically and clearly and are provided through an online secure portal. The test report includes the following details:

Executive summary
Regulation compliance
Vulnerability graph
Detailed vulnerabilities
    Detailed steps
    Solution
    Further reading
Unconfirmed vulnerabilities
    Detailed steps
    Solution
    Further reading
Observations
    Description
    Solution
Test plan
Interpreting risk ratings
Mitigation tracker
Plynt Certification Criteria compliance
The OWASP Top 10
PCI DSS Compliance


The reports provide a view of the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and concise solutions are included to help you quickly eliminate all vulnerabilities found.

What to do next

Contact us on 09650 590 590, email us at info@itvision.in or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.