Web Penetration Testing
Web penetration testing is a simulated hacker-style attack on a website aimed at identifying and gauging the gravity of existing vulnerabilities in order to protect the website from malicious attacks.
PCS delivers web application penetration testing in accordance with popular and widely accepted methodologies, including SANS Top 25, OWASP Top 10 and OWASP ASVS (Application Security Verification Standard), extended by our experience. Our scope goes beyond common vulnerabilities such as SQLi, XSS, LFI, and RFI, and we are more than able to deal with the following vulnerabilities:
• Persistent Cross-Site Scripting
• Session Hijacking
• .NET Deserialization
• Data Exfiltration
• Bypassing File Extension Filters
• Magic Hashes
• PostgreSQL Extension and User Defined Functions
• Bypassing REGEX restrictions
• Cross-Site Request Forgery
• Type Juggling
• Blind SQL Injection
• Bypassing File Upload Restrictions
• Loose Comparisons
• Bypassing Character Restrictions
Web Penetration Testing Process – Workflow
Understanding an attacker’s perspective is key to successful web application penetration testing, and that’s exactly how PCS approaches the process.
PCS experts will focus on:
• Scoping: Working with you to identify all systems / applications
• Web App Testing: Testing with a large range of attack methodologies
• Reporting: Delivering a clear, easy-to-understand, severity-ordered report
• Debrief: Further explanation of vulnerabilities / exploits
• Re-testing: Free re-testing is included with all our services
Benefits To You
The benefits of web penetration testing include identifying and addressing security vulnerabilities before they are exploited by attackers, meeting regulatory compliance requirements, and maintaining customer trust.