Website Application Security Testing
Activities
► Identify the applications to be reviewed
- Securis360 team and client shall identify applications to be assessed
► Automated scan and exploitation
- Perform automated scans on the identified applications.
- Review the extent to which web pages and nodes are vulnerable to realistic exploits.
► Manual testing
- Perform manual assessment of in-scope applications.
- Assess the applications against the key focus areas of the OWASP methodology:
- Injection
- Broken Authentication and Session Management
- Cross Site Scripting (“XSS”)
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing function level access control
- Cross Site Request Forgery (“CSRF”)
- Using components with known vulnerabilities
- Unvalidated redirects and forwards, and
- Testing application business logic.
Deliverables
Application Security Assessment Report with details about the observation, risk, severity, business impact and recommendation.