Web applications


Finding vulnerabilities

More and more applications are offered via the web. Classic safeguards, such as firewalls, do not offer sufficient protection.

A web application penetration test offers the opportunity to reveal previously unknown vulnerabilities in your web application. We offer this service for classic web applications as well as for web services.

What we test

Your application will be tested for technical vulnerabilities in the course of the penetration test. We check for classic vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. Furthermore, we verify that authentication and authorization management work as intended. We align our testing with the OWASP Top Ten and the Application Security Verification Standard (ASVS), and contribute our many years of experience.

Our approach

In the first step, you receive a detailed checklist of the requirements we have for the assessment. At the start of the audit, we hold a joint preliminary discussion to clarify details and to become familiar with the application. We start the penetration test immediately afterwards. We use a checklist to ensure that no important subject is missed. We also include a more creative part, in which the auditor tests freely. We document the results in a detailed report, which is addressed in a concluding discussion.

What you can expect

You receive a detailed report from us with the identified vulnerabilities. We explain in detail how critical each vulnerability is and what impact it actually has on you. We provide you with all the means to reproduce the identified vulnerabilities yourself. Furthermore, we include specific instructions on how to sustainably remedy the vulnerabilities. You receive the report within one week in advance of our concluding discussion, allowing you to read it carefully and prepare any open questions. Naturally, we are available for any follow-up requests as well.