Our methodology for pentesting web applications

The purpose of this penetration test is to simulate the behavior of a malicious third party accessing your application from the Internet. The general objectives of a web application audit are:

  1. Identify technical vulnerabilities in a staging (pre-production) environment.
  2. Analyze their impact, both technically and for the business.
  3. Determine the risks involved.
  4. Establish short-term and long-term recommendations for each vulnerability.
  5. Define the actions to be implemented within a master plan.

Our audits cover web applications of all types, regardless of the hosting solution or the programming languages used.

Vulnerabilities we are looking for

  • Main vulnerabilities
    • Injections (SQL injection, blind SQL injection)
    • XSS (cross-site scripting)
    • Broken authentication and session isolation
    • Direct access to protected pages
    • Local File Inclusion
    • Exposure of sensitive data
    • CSRF (Cross-Site Request Forgery)
    • Security misconfiguration
    • Unvalidated redirects
    • Lack of cryptographic protection of stored data
    • Lack of protection of data in transit
    • Use of vulnerable components

Additional checks

  • Configuration
    • Database configuration
    • Web server configuration
    • Configuration of the web server's operating system
  • Authentication
    • Audit of user passwords
    • Strong authentication
  • Architecture
    • Application architecture
    • Vertical partitioning errors (access across privilege levels or roles)
    • Horizontal partitioning errors (access to another user's data at the same privilege level)