A.K. DESIGNS PH

Web Application Testing

Web Application Testing

Measures the security posture of your website and apps.

Web application testing measures the security posture of your website and/or custom developed application.  TCM Security performs full unauthenticated and authenticated testing based on strict OWASP guidelines.  Our engineers focus on identifying weak points across the entire web application to ensure your applications and data stay safe.  Testing activities include hunting OWASP Top 10 Vulnerabilities, website mapping and enumeration, testing for injection attacks (SQL, JavaScript, LDAP, etc.), testing for remote code execution, malicious file upload abuse testing, and more.

All testing performed follows the OWASP v4 guidelines and checklist.

The following tools are commonly used during our web application assessments:

• Burp Suite Pro
• Nessus Vulnerability Scanner
• nmap
• Nikto
• Dirbuster / Dirb / Dirsearch
• sqlmap
• BeEF
• Metasploit
• Qualys SSL Scanner
• BuiltWith / whatweb
• Manual Review

"All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks."

Planning

Customer goals are gathered and rules of engagement obtained.

Discovery

Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.

Attack

Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.

Reporting

Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.

Thorough Testing

Activities performed during web application penetration testing include, but are not limited to:

OWASP Top-10 critical security flaw testing

Website mapping

Password attacks and authentication bypasses

Session attacks

Vulnerability scanning and exploitation

Automated and manual injection testing (XSS, SQL, etc.)

Directory traversal testing

Other manual testing depending on language and site content

Cyber Security

Get In Touch

Email: info@akdesignsph.com
MON-FRI 09:00 - 19:00, SAT-SUN 10:00 - 14:00
Scroll to Top