We will analyse your web applications, mobile apps and web servers for vulnerabilities using penetration tests (simulated hacker attacks). We will then provide you with extensive, comprehensible reports including basic decision-making guidelines for personnel responsible for the functional application design, as well as specific instructions for developers.
The analysis covers all five levels of the classification scheme for the organisation of web application security published by the German Federal Office for Information Security (BSI) and follows the recommendations of the Open Web Application Security Project (OWASP).
The experience concentrated in our knowledge pool, combined with the expertise of our testers, ensures a high level of reliability in the search for vulnerabilities.
We achieve a high level of efficiency and can thus offer our services cost-effectively, thanks to our wealth of experience and use of high-performance tools.
The initial test specifically examines the software under test for vulnerabilities which
- are widespread and
- carry a high potential risk.
The initial test is the most suitable approach if a web application or website is being tested for the first time. It provides broad, far-reaching identification of security problems within a test budget optimised for cost and benefit, and enables the client to assess the application's security status.
The complete test is used where the protection needs call for maximum security. In this process, the web application or website undergoes comprehensive and thorough testing. Using a checklist based on our experience, the protection needs and the scope of testing are determined, and a test budget optimised in terms of cost and benefit is provided.
Example: More intensive and in-depth testing will be performed on a sensitive application, such as an industry portal that works with data and processes critical for competition, than with a less critical application, such as a discussion forum.
For specific cases we offer a particularly affordable approach tailored to the individual web application, for example when a large number of similar web applications are to be tested at the same time.
Standards and Best Practices
We adhere to existing standards and best practices in our analysis:
- OWASP ASVS (Application Security Verification Standard)
- OWASP Testing Guide
- OWASP Top 10
- OWASP Development Guide
- Web Application Security Consortium (WASC) Threat Classification
- PCI Data Security Standard (PCI-DSS)
- BSI Guidelines “Durchführungskonzept für Penetrationstests” and “Maßnahmenkatalog und Best Practices zur Sicherheit von Webanwendungen”
Vulnerabilities caused by implementation and configuration errors (levels 1 and 3) are only one part of the problem. Incorrectly executed business logic can often conceal a wide gateway for attackers. We therefore consider the logical and semantic levels as well as the correct use of available security techniques (levels 2, 4 and 5). Our tests consider integrated application security!
Protection against deception and fraud
- Disclosed information enables social engineering attacks
- The use of pop-ups, among other features, makes phishing attacks easier
- No safeguards against the website being spoofed
Safeguarding of processes and workflows as a whole
- Use of insecure email in an otherwise secure workflow
- Password compromise through a sloppily designed "I forgot my password" function
- The use of more secure passwords is not enforced
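The "I forgot my password" item above is where token generation usually goes wrong. The following added example (not code from the page's authors; the reset flow, user ids and timestamps are constructed for illustration) contrasts a reset token derived from a guessable seed, which an attacker who knows roughly when the reset was requested can enumerate, with a token drawn from the operating system's CSPRNG that is stored only as a hash, expires, and can be redeemed once.

```python
"""Password-reset tokens: a predictable generator next to a sound one.

Added example, not the page's own code. There is no web framework or mail
sending here, only the token logic of a constructed toy reset flow.
"""
from __future__ import annotations

import hashlib
import random
import secrets
from typing import Optional


def weak_reset_token(user_id: int, now: float) -> str:
    """Predictable: seeds the non-cryptographic PRNG with the request time and
    the user id, both of which an attacker can know or guess."""
    rng = random.Random(int(now) ^ user_id)
    return "%032x" % rng.getrandbits(128)


def attacker_guesses(user_id: int, approx_time: float, window_s: int = 5) -> list[str]:
    """Enumerate every token the weak generator could have produced within a
    few seconds of the time the attacker observed the reset being requested."""
    base = int(approx_time)
    return [weak_reset_token(user_id, t) for t in range(base - window_s, base + window_s + 1)]


def strong_reset_token() -> str:
    """Unguessable: 256 bits from the OS CSPRNG, URL-safe base64 encoded."""
    return secrets.token_urlsafe(32)


def _fingerprint(token: str) -> str:
    """Only a hash of the token is stored, so a leaked table does not yield
    live tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """Server-side bookkeeping for issued tokens: short lifetime, single use."""

    def __init__(self, ttl_s: int = 900):
        self.ttl_s = ttl_s
        self._issued: dict[str, tuple[int, float]] = {}

    def issue(self, user_id: int, now: float) -> str:
        token = strong_reset_token()
        self._issued[_fingerprint(token)] = (user_id, now + self.ttl_s)
        return token  # sent to the user out of band; never stored in clear

    def redeem(self, presented: str, now: float) -> Optional[int]:
        """Return the user id if the token is valid and unexpired, else None.
        The entry is removed on first presentation, valid or expired."""
        entry = self._issued.pop(_fingerprint(presented), None)
        if entry is None:
            return None
        user_id, expires = entry
        return user_id if now <= expires else None
```

`attacker_guesses` shows why the seed matters: with the request time known to within a few seconds, the weak token space collapses to a handful of candidates, regardless of the token's 128-bit length.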
Avoidance of programming errors that lead to vulnerabilities
- Cross-site scripting
- SQL injection
- Session riding (cross-site request forgery)
- Unencrypted transmission of sensitive data
- Authentication methods not commensurate with the protection needs
- Inadequate randomness of tokens
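To make the SQL injection item above concrete, here is an added example (not code from the page's authors) of a login check written two ways against an in-memory SQLite database. The user table, the credentials and the use of plain SHA-256 in place of a real password hash are constructed stand-ins for illustration.

```python
"""SQL injection: a string-built login query next to a parameterised one.

Added example, not the page's own code. The users table and the hashing are
constructed for illustration; a real application would use a password hash
such as bcrypt or Argon2, not bare SHA-256.
"""
import hashlib
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory database with a single constructed user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.execute(
        "INSERT INTO users VALUES (?, ?)",
        ("alice", hashlib.sha256(b"correct horse").hexdigest()),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Vulnerable on purpose: user input is concatenated into the SQL text, so a
    quote in `name` rewrites the WHERE clause. With name
    "alice' OR '1'='1" the query becomes
        ... WHERE name = 'alice' OR '1'='1' AND pw_hash = '<hash>'
    and since AND binds tighter than OR, the row for alice matches whatever
    the password was."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (
        "SELECT 1 FROM users WHERE name = '" + name + "' "
        "AND pw_hash = '" + pw_hash + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Fixed: the statement text is constant and the values are bound as
    parameters, so input can never change the structure of the query."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT 1 FROM users WHERE name = ? AND pw_hash = ?",
        (name, pw_hash),
    ).fetchone()
    return row is not None
```

The same injected name that logs in as alice with any password in `login_vulnerable` is simply an unknown user name in `login_fixed`; the fix is not escaping but keeping data out of the statement text altogether.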
Securing of the software used on the system platform
- Errors in the configuration of the web server
- Known vulnerabilities in the software products used
- A lack of access control in the database
Network & Host
We provide you with a comprehensive report, which presents the test cases and problems identified in an easily comprehensible manner and delivers information on the potential risks and threats. We also provide detailed information about eliminating them.
Structure of the Test Results
Each vulnerability or attack technique has its own sub-chapter. The following is listed in each case:
- Explanation: The vulnerability or attack technique is clearly explained, and reference is made to further sources of information (e.g. links).
- Attack scenario / Threat: If necessary, we describe here possible scenarios for exploiting the vulnerability identified to offer the reader the possibility of evaluating the risk. We base this on a “worst case” approach, i.e. we define the more threatening scenario in case of doubt. This definition is independent of the probability of occurrence.
- Test cases and examples: The tests conducted are described in detail and documented with screenshots so that it is simple for the client to understand them and assess the potential risk themselves.
- Measures: Where possible, we provide general measures and best practices for solving the problems identified.
Static code analysis can be a supplement or an alternative to penetration testing.
The Big Application Security Penetration Testing FAQ for Clients provides answers to many important questions concerning the commissioning of penetration tests.