A web application vulnerability assessment involves the identification and analysis of web properties to provide a current view of the potential vulnerabilities and threats posed to your enterprise and its users.
These assessments begin with spidering a client website or application to identify the pages and forms available to users.
Once a baseline of information is gathered, a series of tests is run against the identified web pages and forms to help determine whether OWASP-listed and other vulnerabilities exist in the website or application.
Sample of risk categories examined during an assessment:
Denial of service
Business logic flaws
Weak or outdated cryptography
Results are analyzed by our security analysts, ranked by risk and provided to clients, along with remediation instructions.
Web Application Penetration Test
A web application penetration test involves simulating real-world attacks in an attempt to exploit identified weaknesses in a website or web application.
Using the baseline information previously gathered, RMCyberEthic uses Metasploit and a number of publicly available tools to perform a more in-depth analysis, including manual probing, to:
Test identified pages, forms, and input methods for a number of significant risks, including the OWASP Top 10:
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards
Leverage the exploitable vulnerabilities to obtain unauthorized access to data, perform unauthorized transactions, or launch further attacks on end-users (if authorized)
Collect evidence to prove the extent of the access obtained
Results are analyzed by our security analysts and formulated into a report identifying successful attack vectors and the extent of the information obtained.