What is Website Penetration Testing?
A web application penetration test aims to identify security issues resulting from vulnerabilities in the design, implementation and deployment of software or a website.
This can include:
- Testing user authentication and session handling to verify that an account cannot be used to compromise data it is not entitled to;
- Assessing the web application for flaws and vulnerabilities, such as XSS (cross-site scripting);
- Confirming that the browser-side security configuration the application relies on is correct, and identifying features that can introduce vulnerabilities; and
- Assessing the security of the web server and database server configuration.
The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. They can then be resolved in line with the application owner's budget and risk appetite, resulting in a proportionate response to cyber risk.
We take a first-principles approach to application vulnerability detection, so we are not bound to any platform or signature database.
Rather than rely on a database of static signatures, we approach each test as a hacker or penetration tester would and apply a testing methodology. The vast majority of application security flaws, such as SQL injection and cross-site scripting, arise from insecure processing of input supplied by the client. We take a first-principles approach to each input: we examine the original, expected value and then observe how the server's response changes when that value is modified. This lets us infer how the server processes the data and evolve each test dynamically to identify vulnerabilities. The result is more accurate testing, and it lets us identify security flaws that may be masked by security filters and Intrusion Prevention Systems (IPS) but could still be exploited by a real-world attacker.
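The following Python script is an added example of the input-by-input inference described above; it is not the page's own tooling. Both endpoints, the in-memory SQLite table and the toy signature filter standing in for an IPS are constructed fixtures for the example. It contrasts a signature-style check (fire a canned payload, look for a tell-tale response) with first-principles probing of a single numeric parameter: arithmetic equivalence, a true/false boolean differential and a syntax-breaking quote, each judged against the baseline response rather than against a known payload list.

```python
"""
Added example: first-principles probing of one input versus signature matching.
The endpoints below are constructed fixtures (in-memory SQLite, a toy signature
filter standing in for an IPS); they are not real services.
"""
import sqlite3
from typing import Callable, Dict, Tuple

Response = Tuple[int, str]          # (HTTP-style status, body)
Endpoint = Callable[[str], Response]


def _build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "Widget", 9.99), (2, "Gadget", 19.99), (3, "Gizmo", 4.50)])
    return conn


_DB = _build_db()

# Toy signature filter: blocks the canned payloads a scanner would fire, which is
# exactly why a signature-only test reports nothing against this endpoint.
BLOCKED_SIGNATURES = ("or 1=1", "union select", "--", "/*", "sleep(")


def vulnerable_endpoint(product_id: str) -> Response:
    """Simulated GET /product?id=... that interpolates the parameter into SQL."""
    if any(sig in product_id.lower() for sig in BLOCKED_SIGNATURES):
        return 403, "Request blocked"
    try:
        rows = _DB.execute(
            f"SELECT name, price FROM products WHERE id = {product_id}").fetchall()
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"
    if not rows:
        return 404, "No such product"
    return 200, "\n".join(f"{name}: {price}" for name, price in rows)


def safe_endpoint(product_id: str) -> Response:
    """Same feature, hardened: strict type check plus a bound parameter."""
    if not product_id.isdigit():
        return 400, "id must be an integer"
    rows = _DB.execute(
        "SELECT name, price FROM products WHERE id = ?", (int(product_id),)).fetchall()
    if not rows:
        return 404, "No such product"
    return 200, "\n".join(f"{name}: {price}" for name, price in rows)


def signature_scan(endpoint: Endpoint, original: str) -> bool:
    """Signature-style check: one canned payload, flagged only if it visibly succeeds."""
    status, body = endpoint(f"{original} OR 1=1")
    return status == 200 and body != endpoint(original)[1]


def first_principles_probe(endpoint: Endpoint, original: str) -> Dict[str, bool]:
    """Infer server-side processing from how the response moves relative to the baseline."""
    baseline = endpoint(original)
    n = int(original)
    findings: Dict[str, bool] = {}
    # 1. Arithmetic equivalence: if "2-1" behaves exactly like "1", the value reaches
    #    an expression evaluator (SQL here) instead of being treated as opaque text.
    findings["arithmetic_evaluated"] = endpoint(f"{n + 1}-1") == baseline
    # 2. Boolean differential: a true predicate keeps the baseline, a false one changes it.
    findings["boolean_differential"] = (
        endpoint(f"{original} AND 1=1") == baseline
        and endpoint(f"{original} AND 1=2") != baseline)
    # 3. Syntax break: an unbalanced quote causing a server error points at raw interpolation.
    findings["error_on_quote"] = endpoint(original + "'")[0] >= 500
    findings["likely_sql_injection"] = (
        findings["arithmetic_evaluated"] and findings["boolean_differential"])
    return findings


if __name__ == "__main__":
    print("signature scan, vulnerable endpoint:", signature_scan(vulnerable_endpoint, "1"))
    print("first-principles, vulnerable endpoint:", first_principles_probe(vulnerable_endpoint, "1"))
    print("first-principles, safe endpoint:", first_principles_probe(safe_endpoint, "1"))
```

None of the probes contains a string the filter recognises, so the vulnerable endpoint is flagged even though the canned `OR 1=1` payload is blocked; the hardened endpoint rejects every malformed value with a 400 and none of the three indicators fires.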
Open source intelligence gathering
Temporary components such as micro-sites and marketing landing pages are easily forgotten and left unmaintained. These no-longer-linked components may hide a critical security flaw, so it is important that we test every component an attacker might target. We query search engines such as Google and other online indexing services to gather a list of URLs, both past and present, and feed it into the attack surface discovery phase.
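As an added example of the last step, and not the page's own tooling, the Python below merges URL lists harvested from several sources into the discovery scope. The URL lists are constructed sample data standing in for search-engine results and an archive index; nothing is fetched. It canonicalises each URL (host case, fragments, tracking parameters, trailing slashes), drops out-of-scope hosts, and reports the in-scope URLs that the current site no longer links to, grouped by host, since those are the forgotten components worth testing.

```python
"""
Added example: folding harvested URLs into the discovery phase. SOURCES and
CURRENT_SITEMAP are constructed sample data, not real search or archive output.
"""
from typing import Dict, Iterable, List, Set, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TRACKING_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "gclid", "fbclid"}


def normalize(url: str) -> str:
    """Canonical form for de-duplication: lower-case scheme and host, drop the
    fragment, drop tracking parameters, sort the rest of the query, and strip a
    trailing slash (path case is preserved because servers may treat it as significant)."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.port and parts.port not in (80, 443):
        host = f"{host}:{parts.port}"
    path = parts.path or "/"
    if len(path) > 1:
        path = path.rstrip("/")
    query = urlencode(sorted(
        (k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k.lower() not in TRACKING_PARAMS))
    return urlunsplit((parts.scheme.lower() or "https", host, path, query, ""))


def in_scope(url: str, scope: Tuple[str, ...]) -> bool:
    """True if the host is one of the scoped domains or a subdomain of one."""
    host = urlsplit(url).hostname or ""
    return any(host == s or host.endswith("." + s) for s in scope)


def harvest(sources: Dict[str, Iterable[str]], currently_linked: Iterable[str],
            scope: Tuple[str, ...]) -> Dict[str, List[str]]:
    """Merge URL lists from several sources and return the in-scope, de-duplicated
    URLs that the live site no longer links to, grouped by host."""
    linked = {normalize(u) for u in currently_linked}
    seen: Set[str] = set()
    forgotten: Dict[str, List[str]] = {}
    for urls in sources.values():
        for raw in urls:
            url = normalize(raw)
            if url in seen or url in linked or not in_scope(url, scope):
                continue
            seen.add(url)
            forgotten.setdefault(urlsplit(url).netloc, []).append(url)
    return {host: sorted(urls) for host, urls in forgotten.items()}


# Constructed sample data: what the live site links today versus what indexes remember.
CURRENT_SITEMAP = [
    "https://www.example.com/",
    "https://www.example.com/products",
    "https://www.example.com/contact/",
]
SOURCES = {
    "search_engine": [
        "https://www.example.com/products?utm_source=newsletter",
        "https://www.example.com/contact",
        "https://promo.example.com/spring-sale/?gclid=abc#hero",
        "https://partner-cdn.example.net/assets/app.js",        # third party, out of scope
    ],
    "archive_index": [
        "http://WWW.EXAMPLE.COM/legacy/login.php",
        "https://promo.example.com/spring-sale",                 # duplicate once normalised
        "https://www.example.com/legacy/login.php?debug=1",
    ],
}

if __name__ == "__main__":
    for host, urls in harvest(SOURCES, CURRENT_SITEMAP, ("example.com",)).items():
        print(host)
        for u in urls:
            print("   ", u)
```

The http and https forms of the legacy login page are kept as separate targets on purpose: a legacy host may serve different content, or no redirect, on plain HTTP.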
Our approach to testing
Key Features
Zero Day Detection
We detect security flaws by adopting a first principles methodology rather than firing checks from a known vulnerability database. This approach successfully identifies security flaws within applications and systems that are previously unknown and undisclosed. We can then work directly with the vendor to ensure the flaw is fixed and a patch is made available.
Browser-based crawler
Modern web applications built on frameworks such as Angular and ReactJS are problematic for traditional crawlers that rely on scraping HTML. Navigation and other key application components are often driven by JavaScript events that are invisible when only the HTML is analysed.
To overcome this limitation, we use a browser-based crawler that combines application modelling techniques with heuristic cues to discover the attack surface of a given application as completely as possible in the shortest time.
Safe Exploitation
A key deliverable in professional penetration testing is to demonstrate the real-world impact of discovered vulnerabilities.
We provide an option to safely exploit vulnerabilities so that real business impact can be demonstrated to all stakeholders, from board level to the development team.
OWASP Top 10
Web application scanning covers all known vulnerability classes, including all of the OWASP Top 10. Easily view and manage all your known OWASP Top 10 vulnerabilities in scans and reports.
The Benefits of a Website Penetration Test
If you are responsible for a website or web application, you should ask yourself:
Enquire about a Website or Application Penetration Test today
0333 305 0605
"Applications are the initial target in 53% of breaches."
"Breaches that start with website and application attacks account for 47% of the breach costs, making application attacks the costliest."