Web Application Penetration Testing
Are your web applications secure? We can validate this for you with a Web Application Penetration Test (Black and Gray Box). Web applications are one of the most frequently attacked items on the Internet and are often the most insecure.
We emulate an attacker by utilizing similar techniques to perform reconnaissance, identify vulnerabilities, and break into your systems. Unlike an attacker, however, we stop our test before exposing sensitive data or doing harm to your environment. With the “Black Box” Penetration Test, this means we have unauthenticated access and have little prior knowledge, except the IP Address, about the systems in scope. We will also perform a Gray Box Penetration Test of each system, as applicable, after the Black Box Penetration Test. With a Gray Box Penetration Test, we have "user" level knowledge about and access to a system. A Gray Box Penetration Test is used to test an application that supports multiple users by testing authenticated user access to ensure a user on an application cannot access another user's data or escalate privileges. We test an application, such as a web application or custom-built application as an authenticated user. We log on to the application as that user and perform testing to see if we can perform any of the following:
- Horizontal Privilege Escalation - where an authenticated user can access another user's data. An example of horizontal privilege escalation is a bank application, where an authenticated user's account number shows up in a URL. If I can change the account number in the URL to another account number and access another user's banking information, I've just performed a horizontal privilege escalation.
- Vertical Privilege Escalation - where an authenticated user can escalate privileges to an administrator-level account. An example of this is a web application that has a value representing the username in a hidden field that is returned after successful authentication. What would happen if we changed the value from 'username' to 'root' or 'administrator' and passed this back to the web application server?
- SQL injection (Blind, Inference, Classic, Compounded)
- OS command injection (Informed, Blind)
- Server-side code injection
- Server-side template injection
- Reflected XSS
- Stored XSS
- Reflected DOM issues
- Stored DOM issues
- File path traversal / manipulation
- External / out-of-band interaction
- HTTP header injection
- XML / SOAP injection
- LDAP injection
- Open redirection
- Header manipulation
- Server-level issues
Contact us or use the form on this page for more information about our Web Application Penetration Testing services or to schedule a Web Application Penetration Test.