Arrange an initial consultation!

Simply make an appointment online for a non-binding and free initial consultation with one of our employees.


What does our web penetration test offer?


Web penetration testing is, as the name implies, a penetration test focused exclusively on a web application rather than on a network or an enterprise. The underlying concept and objectives, detecting security vulnerabilities and strengthening defence mechanisms, are identical. In fact, many of the same tools and attack vectors are used. The main difference lies in the methodology the web penetration tester uses to footprint or map the web application's functionality and then probe its entry points (usually user-controlled input fields).

Advantages


Penetration tests are planned, carried out and evaluated by our specially trained analysts according to recognised standards.

Benefit from the many years of experience of our analysts.
  • Our analysts have an extensive academic education and many years of experience in identifying and fixing all types of vulnerabilities.
  • Through regular training and further education, we ensure that new tools and techniques can be put to use as quickly as possible.
  • We are constantly developing our tools and processes further in order to deliver the best possible outcome for our customers.
  • Extensive research ensures that even newly disclosed vulnerabilities can be identified.
We conduct security analyses on the basis of recognised standards and guidelines.
  • We audit web applications using the OWASP Testing Guide. Our tools and procedures are well suited to identifying the vulnerability categories of the OWASP Top 10.
  • Our processes are based on the Praxis-Leitfaden für Penetrationstests of the German Federal Office for Information Security (BSI).

Procedure


Penetration tests carried out by us follow an agile process and are conducted in close consultation with the customer.

Kick-Off

The pentest is prepared in a kick-off meeting with the technical and organisational contacts at your company. The scope of the test is specified, necessary user accounts and access routes are agreed, contact persons and escalation paths are defined, and the pentest is discussed in detail together.

Research

Our analysts collect as much information as possible about the target. Based on this information, analysis strategies are developed to identify possible attack vectors. These attack vectors are then examined for vulnerabilities in extensive tests.

Exploitation

In this phase, an attempt is made to actively exploit the identified vulnerabilities in order to gain access to the target systems. Depending on the service or technical environment, our pentester writes new exploits or uses existing ones. Potential vulnerabilities can turn out to be false positives. Only verified vulnerabilities are included in the final report and classified according to their criticality.

Report

You will receive a comprehensive final report consisting of a Management Summary and a Technical Report. The criticality of the vulnerabilities and the recommended remediation actions are described in detail.

Remediation (Optional)

In this phase, the identified vulnerabilities are remediated by your company. If required, you will be supported by our experienced security engineers.

Re-Test (Optional)

After remediation you have the opportunity to have us carry out a follow-up check. Here we verify the effectiveness of your measures and update the results report accordingly.

Final Meeting (Optional)

In this final meeting, all critical points in the results report are discussed and any remaining questions are clarified.

Interested? Convinced?

Request a sample report or our service portfolio today. We will be happy to assist you!


Scope


The following section describes our test modules. As a rule, the longer our analysts examine your web application, the more meaningful the results will be. If you have special requirements, we will be happy to make you an individual offer.

We cover the entire app spectrum! Our analysts are familiar with native, web, hybrid and progressive web apps.

Architecture, design and threat analysis

  • API endpoint security
  • Architecture overview of all dependencies
  • Identification of all sensitive data
  • Identification of the scope of functions
  • Threat analysis of API endpoints
  • Security functions in central components
  • Cryptographic key management
  • Enforcement of app updates
  • Security in the software development lifecycle
Data storage and data protection

  • Storage mechanisms
  • App Container Security
  • Logfiles
  • In-App data security
  • Keyboard cache
  • Interprocess communication
  • Sensitive data
  • Operating-system-controlled backups
  • Background mode
  • Memory
  • Device protection policies
  • Security best practice recommendations
Cryptography

  • Hard-coded keys
  • Cryptographic primitives
  • Best practice guidelines
  • Obsolete algorithms
  • Reuse of cryptography
  • Random number generator
Authentication and Session Management

  • Authentication
  • Session management
  • Token-based authentication
  • API endpoint
  • Password policy
  • Login attempts
  • Access token
  • Biometric authentication
  • Second authentication factor
  • Sensitive transactions
  • Login procedures
Network communication

  • TLS encryption
  • Best Practices
  • X.509 certificates
  • Certificate store
  • Communication channels
  • Communication links
Platform interaction

  • App Permissions
  • Interprocess communication with external sources
  • Debugging symbols
  • App-specific URL schemes
  • App-specific interprocess communication
  • JavaScript in WebViews
  • WebView protocol handlers
  • JavaScript from external sources
  • Object serialization
Code quality and build settings

  • App signature
  • Release settings
  • Binary files
  • App logs
  • Third party libraries and frameworks
  • Error handling
  • Security features
  • Offered security functions of the development environment
Tamper protection - Dynamic analysis

  • Rooted device
  • Debugging
  • App's own sandbox
  • Reverse engineering tools
  • Main memory
  • Multi-layer mechanisms
  • Detection mechanisms
  • Programmatic defensive measures
Tamper protection - Device binding

  • Device binding mechanism
Tamper protection - Impeding analysis

  • File-level encryption
  • Obfuscation mechanism
Information Gathering

  • Search Engine Discovery and Reconnaissance
  • Webserver Fingerprinting
  • Webserver Metafiles
  • Application Enumeration
  • Comments and Metadata
  • Application Entrypoints
  • Execution Paths Mapping
  • Framework Fingerprinting
  • Application Fingerprinting
  • Application Architecture
Configuration

  • Network/Infrastructure Configuration
  • Application Platform Configuration
  • File Extensions Handling
  • Old, Backup and Unreferenced Files
  • Admin Interfaces
  • HTTP Methods
  • HTTP Strict Transport Security
  • RIA Cross Domain Policy
  • File Permissions
  • Subdomain Takeover
Session Management

  • Session Management Schema Bypassing
  • Cookie Attributes
  • Session Fixation
  • Session Variables
  • Cross Site Request Forgery
  • Logout Functionality
  • Session Timeout
  • Session Puzzling
Error Handling

  • Error Codes
  • Stack Traces
Identity Management

  • Role Definitions
  • User Registration Process
  • Account Provisioning Process
  • Account Enumeration and Guessable User Accounts
  • Username Policy
Authentication

  • Credentials Over Encrypted Channel
  • Default Credentials
  • Weak Lock-Out Mechanism
  • Authentication Schema Bypassing
  • Remember Password Functionality
  • Browser Cache
  • Password Policy
  • Security Questions
  • Password Change or Reset
  • Authentication in Alternative Channel
Authorization

  • Directory Traversal/File Inclusion
  • Authorization Schema Bypassing
  • Privilege Escalation
  • Insecure Direct Object References
Input Validation

  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting
  • HTTP Verb Tampering
  • HTTP Parameter Pollution
  • SQL Injection
  • LDAP Injection
  • ORM Injection
  • XML Injection
  • SSI Injection
  • XPath Injection
  • IMAP/SMTP Injection
  • Code Injection
  • Command Injection
  • Buffer Overflow
  • Incubated Vulnerabilities
  • HTTP Splitting/Smuggling
  • HTTP Incoming Requests
  • Host Header Injection
Cryptography

  • Transport Layer Protection
  • Padding Oracle
  • Unencrypted Channels
  • Weak Encryption
Business Logic

  • Data Validation
  • Request Forgery
  • Integrity Checks
  • Process Timing
  • Usage Limits
  • Circumvention of Workflows
  • Application Misuse
  • Upload of Unexpected File Types
  • Upload of Malicious Files
Client-Side

  • DOM Based Cross Site Scripting
  • JavaScript Execution
  • HTML Injection
  • URL Redirect
  • CSS Injection
  • Resource Manipulation
  • Cross-Origin Resource Sharing
  • Cross Site Flashing
  • Clickjacking
  • WebSockets
  • Web Messaging
  • Local Storage
APIs

  • Generic Testing
  • Parameter Fuzzing
  • Insecure Direct Object References
  • Privilege Escalation
  • (Token-Based) Authentication
  • JWT Brute Forcing
Patch Management

  • Outdated Software
  • Publicly Disclosed Vulnerabilities
Information Gathering

  • Search Engine Discovery and Reconnaissance
  • Port-Scanning
  • Service Fingerprinting
  • Application Enumeration
  • Network Architecture
Patch Management

  • Outdated Software
  • Publicly Disclosed Vulnerabilities
VPN Analysis

  • Configuration
  • Cryptography