    CyberCX Web Application and Web Services Penetration Tests (STA)

    Sold by: CyberCX 
    Comprehensive business risk-focused assessment

    Overview

    Securing web applications and web services in a cloud world

    A web application and web service penetration test will seek to identify vulnerabilities present in the in-scope products. This broad coverage would typically include any application that is served over Hypertext Transfer Protocol (HTTP) and covers web sites with content that is accessible via a web browser, or via computer-to-computer transmissions through web services (e.g. via an API). Cloud technologies can also significantly increase the attack surface and hence exposure of a given deployment. As a result, it is imperative to check for the misconfigurations through which an attacker may initially attack and compromise a cloud environment and gain a foothold, i.e. resources and configuration which, if not correct, could potentially lead directly to the compromise of the environment or some data within it. Cloud environments use different technology and architectures when compared to on-premise and data centre hosted implementations. This complex area of shared responsibility requires alternate testing approaches and authorisations to perform comprehensive testing. CyberCX has the experience to plan and execute tests that safeguard your sensitive information assets.

    Locating the gaps through tooling and expertise

    Automated web application test tools identify configuration issues and obvious vulnerabilities, but perform poorly when assessing application logic, authorisation, privilege escalation issues and implemented functionality from a security perspective. Extensive manual testing is conducted to bridge the gaps of automated testing and to validate vulnerabilities, eliminate false positives, and develop proof of concept exploits that allow for risks to be tangibly assessed. Our testing will simulate how a threat actor would attack deployed applications and systems through web-accessible interfaces and internet-facing services. The presence of vulnerabilities is determined by directing a series of requests to a web application and evaluating the responses received. This allows CyberCX to precisely detect any active and exploitable vulnerabilities which may be present and which could circumvent business processes and allow access to your data.

    Industry standards and proprietary methods

    CyberCX’s web application and web service penetration testing will encompass all issues covered within leading frameworks, such as OWASP Top 10 and CWE/SANS Top 25 Most Dangerous Software Errors, among others. While these provide a sound foundation for identifying security vulnerabilities, further investigation is necessary to determine the full risk a threat actor may pose to you. As such, CyberCX may extend penetration testing activity to include aspects of multiple methodologies, including the OWASP testing guide (up to 94 tests) and the OWASP Application Security Verification Standard (up to 286 tests). CyberCX also utilises in-house methodologies to address custom testing requirements and ensure critical functionality such as business logic is rigorously tested.

    Highlights

    • Ensure the integrity of all aspects of your application, including the strength of authentication mechanisms, rules and policies
    • Evaluate whether the authorisation scheme adequately protects access to files and objects
    • Evaluate the effectiveness and suitability of crypto technologies in place between client and server

    Details

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    The CyberCX Support Service provides 24/7 assistance from our team of skilled support consultants. Contact us on:

    NZ Phone: +64 800 436 273

    AU Phone: +61 1300 031 274

    Email: leads@cybercx.com.au 

    https://cybercx.com.au/solutions/security-testing-and-assurance/