A Web Application Assessment (often referred to as Web Application Penetration Testing or Pentest) addresses the security of your website (Web application). Websites are mostly publicly available and are there to provide services for anyone with internet access. This makes them a primary target for attackers.
Web applications are grown out of static pages and becoming more dynamic in terms of providing content. User data, admin panels and card payment details are all gold mines in the eyes of the hackers.
How can a Web Application Assessment keep me secure against the most common vulnerabilities?
We test your web application against the ten most common vulnerabilities. This is not just an internet top 10 but is open source and the de facto gold standard in the cybersecurity community – The OWASP Top 10.
Any company with a dynamic web application can benefit from a penetration test. A dynamic web application is an application that generates data/pages in real-time. These applications normally have user/admin dashboards, login pages and are connected to a database.
How often do you need an Assessment?
Web development is a fast-paced, dynamic industry. New technologies, platform plugins are emerging daily. Many components are used to develop a website along with third-party software.
For example, 17,467 WordPress vulnerabilities are known to date and more are being discovered daily. Regular testing is recommended, whether it's quarterly or annually is depending on your risk assessment.
What is the process of having a Web Application Assessment?
The process starts with client engagement and understanding their concerns and requirements. We first establish the client’s requirements at a higher level. This is where we discuss any compliance or insurance concerns. We will also explain the process in plain English.
The next step we move on to scope the assessment. At this stage, we normally talk to your IT staff to scope the project and assess any required permissions. Once the scope is agreed upon we then move on to the assessment.
During our vulnerability assessment, we will be in regular contact and should anything critical be discovered we will work with you immediately to address that concern. Our final report will be split into two digestible sections. Firstly, there is a section covering a high-level overview of findings designed to allow senior risk holders to understand the findings and steps they need to take to address any findings. Our second section is a technically detailed report cover the techniques used and the outcomes of certain techniques along with technical guidance going forward
How long will a Web Application Assessment take?
This highly depends on the size of the project. We’re able to confirm the duration after scoping the project.
Will it affect my normal business operations?
When scoping the project we analyze and plan to avoid any disruptions. We use weekends or evenings if necessary to avoid high traffic hours. There will not be any disruption unless we advise you in advance and both parties are agreed on that.
Important Note: Bear in mind that outsourced developers/contractors are not necessarily responsible for the web application’s security. Our objectives and tooling are different, however, we work hand in hand with developers to address the security side of their operation.
Interested in learning more about a Web Application Assessment? Got some more questions? Get in touch with us today and we’ll be happy to discuss more.