Ambersail's Application Penetration Testing. Industry-leading testing geared to identifying security vulnerabilities in web applications. Typically, these applications include ecommerce sites or account-based applications with registered users.
You can expect the following from our application penetration testing service:
We set clear objectives
We encourage our clients to have a clear objective for each test. For application penetration testing, this might be to ensure that a new application handling sensitive data cannot be manipulated to expose protected data or supporting networks.
We perform a very thorough assessment
Our application penetration testing service employs test techniques that are unique to web application architecture. Vulnerabilities such as SQL injection or cross-site scripting are typical of the kinds of vulnerabilities that are evaluated. These vulnerabilities can enable an attacker to directly access underlying databases containing valuable or confidential data, or execute malicious software on the server. Application testing requires a significant amount of manual testing to adapt to the bespoke nature of web applications.
During audit exercises, we are privy to confidential information. We have a blanket rule for confidentiality – no information is discussed with anyone outside of the direct customer relationship. This includes any third parties, subsidiaries or regulators.
You will get understandable results
Clients must be able to act on the results from our tests. Our comprehensive reports consist of both detailed findings and recommendations and high-level management summaries and action plans. This, combined with walkthroughs and assessment support, ensures that all recommendations are understood and can be actioned.
Steps involved in Application Testing...
The diagram below highlights the specific steps taken in our application test methodology:
Phase 1: Discovery.
Initially, it is important to understand which technologies are present in the target application. This includes web servers, databases, web application firewalls, load balancers and so on. The web site structure is also deduced, clearing the way for the next stage, Assessment.
Phase 2: Assessment.
At this stage, the tester knows much about the site structure and supporting technology. Now it is time to understand how the application works, what business functions it supports, and how authentication, authorisation and access control mechanisms are implemented.
Phase 3: Exploration.
With a complete view of the application, the tester’s attention turns to identifying potential implementation vulnerabilities. This could mean, for example, failures in enforcing authentication, authorisation and access control schemes, the leakage of information useful to an attacker, or, as is often the case, failure to sufficiently validate input before processing it. Often, simple manual tests carried out by intercepting and modifying web traffic can reveal a wealth of useful information that enables a significant exploit to be constructed and executed.
Ambersail is CREST Registered. Our test engineers and consultants are certified test consultants.
- CREST Certified Test Team.
- We consider client communication to be incredibly important. Great emphasis is placed on customers understanding our recommendations and being able to act on them.
- We work incredibly closely as a team. At all stages of the audit process, progress is peer reviewed and results discussed amongst members of our test group.
- All testing is non-destructive. Every attempt is made to minimise disruption to the networks that we test. This applies to production, test and development environments.
Need some advice?
Speak to someone friendly and helpful on: +44 (0) 1925 600062