What is a penetration test for web applications?

The term “web application penetration test” refers to a test, performed by an external expert, that determines whether exploitable vulnerabilities exist in an application by probing each interface to the application, including the server operating system, the application platform, and the database.

To ensure a safe and thorough penetration test, our team follows a structured methodology with three steps: enumeration, vulnerability assessment and exploitation.

The test team will use tools such as:

• port scanners

• sniffers

• proxy servers

• site crawlers

• manual inspection

With the output of these tools, the team can collect information such as:

• open ports

• services

• versions

• operating systems

• banners
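The enumeration step above, as an added example that is not part of the original article: a small Python scanner that connects to each candidate port, grabs whatever banner the service sends (nudging silent services with an HTTP request, since HTTP servers do not speak first), and maps the banner to a service name and version with a few regular-expression signatures. Because a real scan needs a target, the script starts two constructed loopback fixtures (a fake SSH service and a fake HTTP server) and one bound-but-not-listening port to stand in for a closed one; the banners and signatures are illustrative assumptions, not data from a real host.

```python
"""Offline enumeration demo: scan ports, grab banners, fingerprint service and version."""
import re
import socket
import threading

# Constructed sample banners (assumptions for the demo, not captured from a real host).
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"
SAMPLE_HTTP_REPLY = b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n"


def start_fake_service(banner=b"", reply=b""):
    """Loopback fixture standing in for a target. Speaks first with `banner` if given,
    otherwise waits for a request and answers with `reply` (HTTP-style). Returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    if banner:
                        conn.sendall(banner)
                    else:
                        conn.settimeout(1.0)
                        conn.recv(1024)          # consume the client's probe request
                        conn.sendall(reply)
                except OSError:
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def closed_port():
    """A port that is bound but not listening, so connections are refused (a 'closed' fixture).
    Keep the returned release function alive for as long as the port should stay closed."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    return s.getsockname()[1], s.close


# Banner signatures: service name and a pattern whose 'ver' group carries the version string.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-[\d.]+-(?P<ver>\S+)")),
    ("smtp", re.compile(rb"^220[ -].*?(?P<ver>(?:Postfix|Exim|Sendmail)\S*)", re.I)),
    ("http", re.compile(rb"^HTTP/[\d.]+ \d{3}.*?\r\nServer:\s*(?P<ver>[^\r\n]+)", re.S)),
]
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"


def probe(host, port, timeout=0.5):
    """Return None if the port refuses the connection, else the bytes the service sent.
    Services that stay silent after connect are sent an HTTP request to provoke a reply."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            try:
                s.sendall(HTTP_PROBE)
                data = s.recv(1024)
            except OSError:
                data = b""
        return data


def fingerprint(banner):
    """Classify a banner into (service, version); ('unknown', '') when nothing matches."""
    for service, pat in SIGNATURES:
        m = pat.match(banner)
        if m:
            return service, m.group("ver").decode(errors="replace")
    return "unknown", ""


def scan(host, ports):
    """Return {port: {'service', 'version', 'banner'}} for every port that accepts a connection."""
    findings = {}
    for port in ports:
        data = probe(host, port)
        if data is None:
            continue                                    # closed or filtered: not reported
        service, version = fingerprint(data)
        findings[port] = {
            "service": service,
            "version": version,
            "banner": data.split(b"\r\n", 1)[0].decode(errors="replace"),
        }
    return findings


if __name__ == "__main__":
    ssh_port, stop_ssh = start_fake_service(banner=SAMPLE_SSH_BANNER)
    http_port, stop_http = start_fake_service(reply=SAMPLE_HTTP_REPLY)
    for port, info in sorted(scan("127.0.0.1", [ssh_port, http_port]).items()):
        print(port, info)
    stop_ssh()
    stop_http()
```

The version strings this collects feed the next step directly: a banner such as `OpenSSH_8.9p1` or `nginx/1.18.0` is what the vulnerability assessment matches against known-vulnerable releases. Against a real target, replace the fixtures with the host and port range in scope and expect filtered ports to time out rather than refuse.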

The vulnerability assessment uses the data collected in the enumeration step to discover potential vulnerabilities in the web server(s), application server(s), database server(s) and all intermediate devices such as firewalls and load balancers. The assessment team uses a number of commercial, open source and in-house developed tools during the assessment.

The assessment team does not rely solely on tools to discover vulnerabilities. Considerable time is spent manually inspecting items such as HTTP responses, hidden form fields, and HTML page resources (scripts, comments and linked files).
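The manual inspection described above, as an added example that is not code from the original article: a Python helper that takes one captured HTTP response (status, headers and HTML body) and pulls out what a tester reads by hand in a proxy: version-disclosing headers, missing hardening headers, session cookies without `HttpOnly`/`Secure`, hidden form fields whose names suggest business logic that could be tampered with, HTML comments, and referenced resources. The sample response, its hostname and the keyword list for tamper candidates are constructed assumptions for the demo.

```python
"""Inspect a captured HTTP response the way a tester does by hand in an intercepting proxy."""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample response (an assumption for the demo, not captured from a real site).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.41 (Ubuntu)",
    "X-Powered-By": "PHP/7.4.3",
    "Set-Cookie": "PHPSESSID=abc123; Path=/",
    "Content-Type": "text/html",
}
SAMPLE_BODY = """<html><head>
<script src="/static/jquery-1.8.3.min.js"></script>
<!-- TODO: remove debug endpoint /admin/debug.php before go-live -->
</head><body>
<form action="/checkout" method="post">
  <input type="hidden" name="price" value="9.99">
  <input type="hidden" name="is_admin" value="0">
  <input type="text" name="qty">
</form>
<a href="/backup/site.zip">download</a>
</body></html>"""

# Headers whose absence is worth a finding, and hidden-field names worth a tampering test.
EXPECTED_SECURITY_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                             "X-Content-Type-Options", "X-Frame-Options")
TAMPER_KEYWORDS = ("price", "total", "discount", "admin", "role", "user")


class PageInspector(HTMLParser):
    """Collect forms, hidden fields, comments, links and external resources from an HTML body."""

    def __init__(self, base_url):
        super().__init__()
        self.base = base_url
        self.forms, self.hidden_fields = [], []     # hidden_fields: (form action, name, value)
        self.resources, self.comments, self.links = [], [], []
        self._form = None                           # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action", "")),
                          "method": (a.get("method") or "get").upper(), "inputs": []}
            self.forms.append(self._form)
        elif tag == "input":
            if self._form is not None:
                self._form["inputs"].append((a.get("name"), a.get("type", "text")))
            if (a.get("type") or "").lower() == "hidden":
                action = self._form["action"] if self._form else None
                self.hidden_fields.append((action, a.get("name"), a.get("value")))
        elif tag in ("script", "link", "img", "iframe"):
            src = a.get("src") or a.get("href")
            if src:
                self.resources.append(urljoin(self.base, src))
        elif tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base, a["href"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_comment(self, data):
        self.comments.append(data.strip())          # developer comments often leak paths


def inspect_headers(headers):
    """Return findings for version disclosure, missing hardening headers and weak cookie flags."""
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}
    for h in ("server", "x-powered-by", "x-aspnet-version"):
        if h in lower:
            findings.append(f"version disclosure: {h}: {lower[h]}")
    for h in EXPECTED_SECURITY_HEADERS:
        if h.lower() not in lower:
            findings.append(f"missing header: {h}")
    cookie = lower.get("set-cookie")
    if cookie:
        flags = {p.strip().lower() for p in cookie.split(";")[1:]}
        for want in ("httponly", "secure"):
            if want not in flags:
                findings.append(f"cookie without {want} flag: {cookie.split(';')[0]}")
    return findings


def inspect_page(base_url, headers, body):
    """Combine header and body inspection into one report dict for the response."""
    p = PageInspector(base_url)
    p.feed(body)
    return {
        "header_findings": inspect_headers(headers),
        "forms": p.forms,
        "hidden_fields": p.hidden_fields,
        # Hidden fields that carry prices, roles or identities are candidates for tampering tests.
        "tamper_candidates": [f for f in p.hidden_fields
                              if f[1] and any(k in f[1].lower() for k in TAMPER_KEYWORDS)],
        "resources": p.resources,
        "comments": p.comments,
        "links": p.links,
    }


if __name__ == "__main__":
    for key, value in inspect_page("https://shop.example.test/cart", SAMPLE_HEADERS, SAMPLE_BODY).items():
        print(key, value)
```

Each item in the report is a lead, not a finding: a hidden `price` field only becomes a vulnerability once a replayed request with a modified value is honoured by the server, which is what the exploitation step checks.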

The vulnerability assessment stage covers the following ten areas (the categories of the OWASP Top Ten 2004):

• Input validation

• Access control

• Authentication and session management

• Cross-site scripting

• Buffer overflows

• Injection flaws

• Error handling

• Insecure storage

• Denial of Service

• Configuration management

Controlled attacks are performed for every reported vulnerability, except attacks that could cause a Denial of Service condition. Denial of Service findings are always discussed with the customer and a test approach is agreed. Options for Denial of Service testing include testing during an agreed time window, testing against a development system, or manually verifying the condition believed to cause the vulnerability without triggering it.
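What a "controlled attack" on a reported injection flaw looks like, as an added example that is not from the original article: a deliberately vulnerable login that builds SQL from strings, its parameterised replacement, and a verification routine that confirms the flaw with read-only probes (a lone quote to provoke a syntax error, a tautology to bypass authentication) while checking that no data changed, instead of a destructive payload. The in-memory SQLite schema, users and payloads are constructed assumptions for the demo.

```python
"""Controlled, non-destructive verification of a SQL injection finding (sqlite3, in memory)."""
import sqlite3


def make_db():
    """Constructed test database: two users, one of them an administrator."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users(username, password, role)
            VALUES ('alice', 's3cret', 'admin'), ('bob', 'hunter2', 'user');
    """)
    return db


def login_vulnerable(db, username, password):
    """Deliberately vulnerable: user input is concatenated into the SQL text."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchone()


def login_fixed(db, username, password):
    """Hardened form: bound parameters, so input can never change the query structure."""
    return db.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def confirm_injection(db, login):
    """Verify an injection finding without modifying data.

    Two read-only probes: a bare quote (a syntax error means the quote reached the SQL
    parser unescaped) and a tautology in the password field (a returned row means the
    authentication check was bypassed). Row counts before and after document that the
    test left the data intact, which is the evidence a report needs."""
    evidence = {"syntax_error": False, "bypass": False, "bypassed_as": None}
    evidence["rows_before"] = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    try:
        login(db, "alice", "'")
    except sqlite3.OperationalError:
        evidence["syntax_error"] = True
    # Becomes: ... AND password = '' OR '1'='1'  (AND binds tighter than OR, so every row matches)
    row = login(db, "alice", "' OR '1'='1")
    evidence["bypass"] = row is not None
    evidence["bypassed_as"] = row
    evidence["rows_after"] = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return evidence


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", confirm_injection(db, login_vulnerable))
    print("fixed:     ", confirm_injection(db, login_fixed))
```

The same discipline applies to every reported issue: choose the least intrusive payload that still proves the flaw, record the exact request and response as evidence, and show that the target's state is unchanged afterwards. The `rows_before`/`rows_after` pair is a simple version of that state check.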

In the final reporting phase, recommendations and comments on the overall effectiveness of the application's and network's security controls are summarized. For clarity, three types of report are presented: an executive summary of the high-level findings, intended for IT executives; a detailed technical assessment; and a summary of the discovery (enumeration) findings, included for reference.



Source by Jeff Guindon