Our methodology for pentesting web applications
The purpose of this penetration test is to simulate the behavior of a malicious third party accessing your application from the Internet. The general objectives during a web application audit are:
- Identify technical vulnerabilities in a staging (acceptance) environment.
- Analyze their technical and business impacts.
- Determine the risks involved.
- Establish short-term and long-term recommendations for each vulnerability.
- Define the actions to be implemented within a master plan.
Our audits cover web applications of all types, whatever the hosting solution and the programming languages used.
Vulnerabilities we are looking for
Main vulnerabilities
- Injections (SQL injection, blind SQL injection)
- XSS (cross-site scripting)
- Broken authentication and session isolation
- Direct access to protected pages
- Local File Inclusion
- Exposure of sensitive data
- CSRF (Cross-Site Request Forgery)
- Security misconfiguration
- Unvalidated redirects
- Insecure cryptographic storage
- Insufficient protection of data in transit
- Use of vulnerable components
Additional checks
- Configuration
  - Database configuration
  - Configuration of the web server software
  - Configuration of the web server's operating system
- Authentication
  - Audit of user passwords
  - Strong authentication
- Architecture
  - Application architecture
  - Vertical partitioning errors (privilege separation between roles)
  - Horizontal partitioning errors (isolation between users of the same role)