Web Application Penetration Testing Methodology

Security Testing > Web Application Penetration Testing Methodology



Pre Release PST
Reseller PST
Pre Deployment PST
Piracy Testing
Web Application Pen-Test
Network Packet Security Testing







	Case Studies

Assessment

Gathering the information from the client regarding his business implications due to the vulnerabilities.
Understanding the client requirements on the components of the web application (Web servers, Database servers etc) to be performed.
Verify with the client whether the vulnerability test should be performed on the website on real time or off time.

Planning

Define the scope based on the nature, timing and extent of the evaluation.
Verify that no test will violate any specific law of local or national statute. Also, our auditor will consider obtaining a signed “authorization form” from the client agreeing to the deployment of web application penetration testing tools and methods.
Investigate and use available automated tools to perform web application vulnerability assessments. These tools improve the efficiency and effectiveness of web application security testing.

Designing

Attacking

Assess possible methods of attacks based on identification of vulnerabilities.
Identify the type of OS employed by target hosts.
Obtain permission to execute a port scan for those destination target hosts that are “live.”
Execute exploits on the client web environment.

Analysis & Reporting

Run commercial or open source web application vulnerability assessment tools to verify results.
Defining the scope of the analysis
Objectives of the report
Period of work performed
Nature, timing & extent of web application vulnerability analysis performed
Conclusion as to the effectiveness of controls and significance of vulnerabilities identified.