Web Application Security Assessment (WASA)
Credentialed and/or non-credentialed vulnerability assessment and penetration testing of web-based and intranet applications to validate security and protection against outside attackers, malware, privilege escalation and account hijacking. Testing covers injection (URL, SQL, LDAP, cookie etc.), authentication, session management, cross-site scripting, object/function access control, data exposure, misconfigurations, vulnerable components/frameworks/libraries, forged redirect/forwards, cookie security, hashing and more. Includes OWASP Top 10 analysis.
Highlights
- Web service/application testing
- With and/or without credentials
- Testing with cross section of best-of-breed tools
- Manual validation and penetration testing using expert, state-of-the art techniques and methodologies
- Vulnerability targets:
- Lateral and vertical privilege escalation
- Injection (SQL, LDAP, URL …)
- Authentication
- Session management (Session Hijacking)
- XSS/CSRF
- Misconfigurations
- Vulnerable components
- Forged forward and redirects
- Malware
- Buffer overflow
- Logic flaws
- more
- Test against OWASP Top 10
- Remediation recommendations
Targets
- Web applications
- Users from all permissions categories
- Registration processes
- Login pages
- All links/URLs
- All input fields
- Application workflows
- Privileged objects and functionality
Application testing outside attackers authorized users privilege escalation account hijacking credentialed testing
web applications injection authentication session management cross-site scripting object/function access control data exposure misconfigurations vulnerable components/frameworks/libraries forged redirect/forwards
best-practices OWASP Top 10
2006-2024 © Illumant, LLC. All Rights Reserved. 