Penetration testing for web applications

Web Application Pentest by certified experts

Identify and eliminate hidden vulnerabilities in your web applications.

Overview

What is a web app pentest?

A web application security audit concentrates the entire test on the web applications in scope, rather than providing the comprehensive test of running services that an external or internal penetration test would.

How does Redlings rate a web application?

Redlings evaluates your company’s web application from multiple perspectives:

  • What can an unauthenticated attacker access? What are the possibilities for tampering?
  • What can an attacker with normal user permissions access? Are manipulations possible that go beyond what such a user is entitled to?
  • What can be done if an attacker obtains administrative rights for your web application?

Redlings performs a web application assessment by following the same steps an attacker would take. These include, for example:

  • Identify the business purpose of the web application
      • Why does the application exist? What problem is being solved?
      • How does it make your business practices easier or more efficient?
  • Identify all the pages linked to your web application and map the links and relationships between the pages
  • Identify the input fields in the target web application and test whether the application properly handles malicious input such as uploads, injections or cross-site scripting

Redlings reviews the business logic associated with the web application and identifies attacks that bypass critical steps.

All tests include at least the OWASP Top-10 for web applications or the OWASP API Security Top-10 to ensure broad coverage of your web application. Redlings uses both internally developed and commercially purchased software to perform web application security assessments.

Such web application testing is aimed at customers who want to test the security of a web application before it is used by employees or customers. Likewise, a security assessment of web applications currently in use can be performed to identify vulnerabilities or misconfigurations.

Web application security testing is also available as an ongoing model (continuous pentesting).

Related Services

Penetration Testing

Penetration Testing: Secure your digital infrastructure from hackers and criminals. Use a pentest to find security vulnerabilities before attackers do.

Network Pentest

A network penetration test is a security assessment for your organization’s internal or external IT infrastructure and exposed network services.

Social Engineering & Phishing Testing

A Social Engineering Security Assessment may range from simple email phishing to sophisticated campaigns using multiple communication techniques including spearphishing, vishing and on-site engagement.

Red Teaming

Assess your organisation’s threat detection and response capabilities using an emulated cyber attack.

Active Directory Security Assessment

An Active Directory Security Assessment includes a forest and domain trust configuration and security review as well as an assessment of controls for administrative groups and privileged access accounts.

Cloud Penetration Testing

With our cloud security assessment, one or more systems in a cloud environment (e.g. AWS, Azure, GCP) are reviewed for security.