Web Penetration Testing
Vulnerabilities in Web Applications and API’s
Web applications are only becoming more relevant. Millions of people depend on web apps to handle their most sensitive information, whether it be for financial planning or medical care. With their growing complexity comes unforeseen security flaws and simple human error. This risk increases as web applications become more interconnected through the linking of APIs. Security researchers find new methods of making these applications bend and break every day.
The best defense is by a good offense. Hiring a knowledgeable team of penetration testers to assess your applications, you will be made aware of security holes that could lead to compromised applications and data breaches. This will provide the foresight needed to strengthen your web applications and keep sensitive information protected.
Manual vs. Automated Web Application Testing
Automated vulnerability scanners fail to pick up on some underlying security flaws. An experienced penetration tester will gain understanding of the context application and may figure out how to abuse its logic. Many of these vulnerabilities are not picked up by automated tools.
Our penetration testers often make use of vulnerability scanners in the initial phases of an application security test. As greater understanding of the application’s context is gathered, we provide further assessments that are more relevant to your user base and individual security needs.
Web Application Pentest Methodology
Solid Rock Innovations utilizes a detailed and repeatable methodology. We ensure this process is used during each engagement to ensure our assessment is reliable and reproducible. To get these results, we utilize the following steps listed below:
1. Scoping & Pre-Engagement
Before a web application assessment can take place, a clear scope is defined with the client. Communication is encouraged with Solid Rock and the client organization during this stage to establish a firm foundation in which to assess from.
- Determine the organization’s applications or domains to be scanned and tested
- Make note of any exclusions from the assessment (specific pages or subdomains)
- Decide on the official testing window
2. Information Gathering
Collect as much information as possible on the target, leveraging OSINT (Open Source Intelligence) tools and techniques. The information gathered will help Solid Rock to understand the operations of the organization, which allows risk to be accurately assessed through the engagement process. Some of the intelligence may include:
- Ownership and validation of assets
- Exposed files and directories found by Google
- Information leaked from breaches
- Information disclosure provided by application developers on 3rd party sites
3. Vulnerability Identification & Enumeration
Automated scripts and tools are used during this stage, along with more advanced information gathering techniques. Solid Rock will further examine any potential attack vectors. The information gathered here will be the basis for exploitation in the next phase.
- Directory Enumeration
- Application misconfigurations
- Leverage known vulnerabilities of the applications and associated services
We begin to attack the vulnerabilities discovered within the web application. This is done with care and caution to protect the application and its data, while still working to verify the existence of attack vectors. The following attacks, and others, will be performed during this stage:
- SQL Injection (SQLi), Cross-Site Scripting (XSS), and web application attacks
- Leverage any known breached credentials and use for brute forcing against authentication measures
- Leverage known vulnerabilities of the application and associated services
Reporting is the final phase of the assessment. All of the information gathered is combined and used to provide the client with a comprehensive detailing of the findings. The report contains a breakdown of the overall risk, highlighting strengths and weaknesses in the applications. Recommendations are included to help the business to make informed decisions regarding the application. Each vulnerability is further broken down into technical details, along with remediation steps for the technical team to follow. An executive summary is also included to help provide information for strategic planning.
6. Remediation Testing (Optional)
Upon the request of the client, a retest can be performed after the client has addressed vulnerabilities identified in the assessment. We validate to see if the vulnerability still exists to ensure the changes were implemented properly. The prior assessment will be updated to reflect the results of the retest.