Application Security
Application Penetration Tests identify vulnerabilities in web and mobile applications and APIs before malicious actors can exploit them to cause harm to the organization (e.g. compromised servers, stolen customer data, reputation damage, etc). As every application is different, we use both industry standard and custom tools in our engagements to ensure each application is comprehensively tested during the assessment.
Application Penetration Tests can include any of the following modules:
Zero Knowledge
The application is tested without any credentials or prior knowledge of its internal workings. Vulnerabilities discovered in this type of assessment could be exploited by a remote attacker without the need for credential compromise.
Authenticated
Credentials are provided, covering different roles for the application to provide an assessment of potential vulnerabilities exploitable by internal users. Focus is on privilege escalation, data exfiltration, business process compromise and ensuring coverage against OWASP Top 10 vulnerabilities.
White Box Assessment
Source code and/or API documentation is provided, allowing a full view of application internals. These assessments result in the most in depth knowledge of security exposure by identifying problematic code and offering actionable changes directly to developers.