default
+

Thank you for contacting us.


One of our expert consultants will review your inquiry.

+

Thank You


We hope you find this resource helpful.
If you have any questions, don't hesitate to contact us.

+

Thank you for contacting us.


One of our expert consultants will contact you within 48 hours.

+

Almost There!

Please fill out the form to complete your
whitepaper download

captcha

+

Almost There!

Please fill out the form to complete your
brochure download

captcha

web and mobile application security testing

Application Security
Testing

Application security testing evaluates the security of web and mobile applications to protect them from cyber-attacks. From source-code all the way up to the browser – an application security assessment measures the effectiveness of the controls you currently have in place by simulating a hack.

Script kiddies rely on automation;
we don’t.

Most application security testers rely on automated testing alone. This is only the beginning of our process, which is followed by extensive manual processes to provide one of the most thorough services the industry offers. The problem with automation alone is that it is prone to false positives (e.g., incorrect findings) and false negatives (e.g., missing critical areas of the application, lack of context, chained exploits, and more). By never relying on automation, our experts explore opportunities for more advanced attackers, mimicking a real-world scenario.

Packetlabs’ unique approach begins with developing a threat model of your application and taking the time to understand the overall purpose, the components, and their interaction with sensitive information or functionality. This approach enables realistic simulation of how an attacker would target your application and in turn, provides you with more value. Only after thorough analysis do we begin attempting to manually compromise each layer of defence within the environment.

Background

The basis of our application security testing is guided by an enhanced version of the OWASP testing methodology. The following issue types will be examined:

configuration management

Configuration Management

authentication and authorization

Authentication & Authorization

error handling

Error handling

identity management

Identity Management

input validation

Input validation

session management

Session management

cryptography

Cryptography

business logic

Business logic

client side

Client side

What We Deliver

A detailed report including an executive summary that outlines the overall state of the application and our technical findings coupled with recommendations

Documentation of attacks involving multiple exploits compiled to outline how an attacker could chain vulnerabilities together to compromise your application

A root-cause analysis to provide both tactical and strategic recommendations

Background

Related Resources

April 28, 2016

WEB APPLICATION TESTING METHODOLOGY

Our security testing methodology is derived from the OWASP Top 10:2013 and has been enhanced with current threats and our overall experience in the industry.

DOWNLOAD WHITEPAPER
download_pdf

101000110010101001001110010110010100010100101111001010100000001

Background

Ready for more than a VA scan?®

We’ll provide you with a free, no-obligation quote for an in-depth test and analysis of
your application’s security.