Web Application Security Assessment (WASA)
Credentialed and non-credentialed vulnerability assessments and penetration tests of web-based and intranet applications to validate security against external attackers, malware, privilege escalation, and account hijacking. Testing covers injection vulnerabilities (e.g., URL, SQL, LDAP, cookies), authentication weaknesses, session management flaws, cross-site scripting (XSS), access control issues, data exposure, misconfigurations, vulnerable components, frameworks, libraries, forged redirects/forwards, cookie security, and hashing vulnerabilities. It includes a comprehensive analysis based on OWASP Top 10 standards.
Highlights
- Web service and application testing
- Credentialed and non-credentialed testing
- Utilizes a cross-section of best-in-class security tools
- Manual penetration testing using state-of-the-art techniques and methodologies
- Key vulnerability targets include:
- Lateral and vertical privilege escalation
- Injection attacks (SQL, LDAP, URL, etc.)
- Authentication vulnerabilities
- Session management issues (including session hijacking)
- XSS and CSRF vulnerabilities
- Misconfigurations
- Vulnerable components
- Forged redirects and forwards
- Malware vulnerabilities
- Buffer overflow
- Logic flaws
- Comprehensive OWASP Top 10 testing
- Detailed remediation recommendations
Targets
- Web applications:
- All user permission levels
- User registration processes
- Login pages
- All links and URLs
- All input fields
- Complete application workflows
- Privileged objects and functionalities
Application testing External attackers Authorized users Privilege escalation Account hijacking Credentialed testing
Web applications Injection Authentication Session management Cross-site scripting Access control Data exposure Misconfigurations Vulnerable components Forged redirects
2006-2025 © Illumant, LLC. All Rights Reserved. 