Website Application Security Testing

Activities

► Identify the applications to be reviewed

  • The Securis360 team and the client shall jointly identify and agree the applications to be assessed.

► Automated scan and exploitation

  • Perform automated scans on the identified applications.
  • Validate scanner findings by attempting realistic exploitation of the affected pages and endpoints, so that false positives are removed and only confirmed issues are carried forward to manual testing and reporting.

► Manual testing

  • Perform manual assessment of in-scope applications.
  • Assess the applications against the key focus areas of the OWASP Top 10 (2013 edition) methodology:
    • Injection
    • Broken Authentication and Session Management
    • Cross Site Scripting (“XSS”)
    • Insecure direct object references
    • Security misconfiguration
    • Sensitive data exposure
    • Missing function level access control
    • Cross Site Request Forgery (“CSRF”)
    • Using components with known vulnerabilities
    • Unvalidated redirects and forwards, and
    • Testing application business logic.

Deliverables

An Application Security Assessment Report detailing each observation, its risk and severity rating, business impact, and recommended remediation.