Web Application Security Assessment

Overview

Our Web Application Security Assessment (WASA) helps identify vulnerabilities and potential threats to your web application using a set of automated and manual testing techniques. We help your organization understand the risks and impacts of these vulnerabilities by simulating real-world attacks against your web applications.

Scope

The assessment covers the vulnerabilities identified by the OWASP Top 10:

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards

Assessment Types

  • Black-Box: A Black-Box WASA tests your web application from a real-world attacker's perspective, in which the attacker has no knowledge of the internal design of the web application. We initiate an attack and attempt to understand the internal design of your web application by analyzing its inputs and outputs.
  • White-Box (Source Code Review): A White-Box WASA evaluates your web application at the source code level. It involves in-depth source code analysis to find vulnerabilities. We start the assessment by analyzing your web application line by line to learn its internal design. Once the initial analysis is complete, we scan the source code for vulnerabilities using automated and manual testing techniques.