Include asset discovery Include automatic scan Rescan the evaluation
The goal is to protect sensitive data by identifying weaknesses in application layer controls. I will perform a rigorous review of application layer controls through functional security testing of the target application and prioritize findings based on their impact on business operations.
Web application penetration testing focuses on the application layer of the target application and may include other logical components.
The evaluation includes an evaluation of the input validation checks on all data passed from the client to the application. In addition to input validation testing, I will evaluate application controls around application access control mechanisms. We will also perform checks against the web server configuration.
An attempt will be made to bypass the normal or given authentication process. Additionally, we will attempt to bypass session management capabilities and gain access to parts of the application that we are not normally authorized to access.
A technical and analytical product, as well as a summary report, will be delivered as part of the activity, including a review of detected threats and step-by-step remediation suggestions.