WEB APPLICATION SECURITY ASSESSMENT

An insecure web application can jeopardise the whole business.

Overview

FOCAL POINT utilises a comprehensive methodology to assess web applications, combining a variety of automated scanning tools with proven manual testing methods. Findings from the automated tools are manually verified to eliminate false positives.

FOCAL POINT conducts web application security assessments from the perspectives of users with varying levels of privilege, based on the roles the application supports. For most applications this includes testing as an unauthenticated user, as an authenticated user with limited privileges, and as a user with administrative privileges. Testing at each privilege level gives FOCAL POINT wider application coverage and ensures a more comprehensive vulnerability assessment.

Web App Security Assessment

Methodology

Testing Methodology: OWASP (Open Web Application Security Project) Testing Guide - full checklist

The FOCAL POINT web application assessment process consists of the following key phases:

  • Information Gathering
  • Configuration and Deployment Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorisation Testing
  • Session Management Testing
  • Data Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing
  • Client Side Testing