They vary widely in both size and complexity from a simple business shop-front, through to providing customers with a feature rich interactive experience across web and mobile platforms.
A compromise of a web application would allow a malicious threat actor to gain access to the internal network and/or database server hosting sensitive information such as username and password information, personal data. (This is also getting more important after GDPR rules affects.)
Our Mobile Application and Web Application Penetration Test provides a comprehensive means of evaluating the security of a web application. Involving a manual analysis by our senior and certified security consultants identifying security weaknesses, technical flaws, or vulnerabilities, and underlying technology from the perspective of a malicious attacker in the web application and any underlying technology.
Technology in-scope of testing may include web applications, thick or client-server applications, thin (e.g. Hyper-V, Citrix) application environments, Application APIs (SOAP, REST, Social Media APIs) and the growing market of mobile apps.
A Penetration Test also covers any business logic accessible by a user or another system such as via web services (API’s).
Security issues found will be presented in a comprehensive report, together with an assessment of the impact, a proposal for remediation and/or any applicable technical solution.
The format of the report allows the business to decide on the best course of action to address the vulnerability and therefore reduce the attack surface posed by the application.