Application Penetration Testing

We provide industry-leading security testing of web applications and supporting network infrastructure.

Vulnerabilities in web applications are responsible for some of the most high-profile data loss incidents of all.

Ambersail's Application Penetration Testing is industry-leading testing geared to identifying security vulnerabilities in web applications. Typically, these applications can include ecommerce sites or account-based applications with registered users.

You can expect the following from our application penetration testing service:

We set clear objectives

We encourage our clients to have a clear objective for each test. For application penetration testing, this might be to ensure that a new application handling sensitive data cannot be manipulated to expose protected data or supporting networks.

We perform a very thorough assessment

Our application penetration testing service employs test techniques that are unique to web application architecture. Vulnerabilities such as SQL injection or cross-site scripting are typical of the kinds of vulnerabilities that are evaluated. These vulnerabilities can enable an attacker to directly access underlying databases containing valuable or confidential data, or execute malicious software on the server. Application testing requires a significant amount of manual testing to adapt to the bespoke nature of web applications.

Confidentiality

During audit exercises, we are privy to confidential information. We have a blanket rule for confidentiality – no information is discussed with anyone outside of the direct customer relationship. This includes any third parties, subsidiaries or regulators.

You will get understandable results

Clients must be able to act on the results from our tests. Our comprehensive reports consist of both detailed findings and recommendations and high-level management summaries and action plans. This, combined with walkthroughs and assessment support, ensures that all recommendations are understood and can be actioned.

 

Steps involved in Application Testing...

The diagram below highlights the specific steps taken in our application test methodology:

Phase 1: Discovery.

Initially, it is important to understand which technologies are present in the target application. This includes web servers, databases, web application firewalls, load balancers and so on. The web site structure is also deduced, clearing the way for the next stage, Assessment.

Phase 2: Assessment.

At this stage, the tester knows much about the site structure and supporting technology. Now it is time to understand how the application works, what business functions it supports, and how authentication, authorisation and access control mechanisms are implemented.

Phase 3: Exploration.

With a complete view of the application, the tester’s attention turns to identifying potential implementation vulnerabilities. This could mean, for example, failures in enforcing authentication, authorisation and access control schemes, the leakage of information useful to an attacker, or, as is often the case, failure to sufficiently validate input before processing it. Often, simple manual tests carried out by intercepting and modifying web traffic can reveal a wealth of useful information that enables a significant exploit to be constructed and executed.

CREST Registered

Ambersail is CREST Registered. Our test engineers and consultants are certified test consultants.

To contact us call +44 (0)1925 600062 or complete this simple form and we will get back to you as soon as possible.

 

Related Service:

Network Penetration Testing

Additional Information

  • CREST Certified Test Team.
  • We consider client communication to be incredibly important. Great emphasis is placed on customers understanding our recommendations and being able to act on them.
  • We work incredibly closely as a team. At all stages of the audit process, progress is peer reviewed and results discussed amongst members of our test group.
  • All testing is non-destructive. Every attempt is made to minimise disruption to the networks that we test. This applies to production, test and development environments.

 


 


© 2014 Ambersail Ltd