
Application Security Testing

Application security testing is one of our core service offerings. It evaluates the security of web and mobile applications, from source code all the way up to the browser. An application security assessment measures the effectiveness of the controls in place by simulating a cyber-attack.

Script kiddies rely on automation; we don’t.

Unlike many competitors in the industry, we treat automated testing as only the beginning of our process; it is followed by extensive manual testing. The fundamental problem with automation is that it is prone to false positives (incorrect findings) and false negatives (missing critical areas of the application, lack of context, chained exploits, and more). Our expertise in the area takes our offerings beyond the sledgehammer approach and explores the opportunities available to more advanced attackers.

A significant differentiator is that Packetlabs’ consultants develop a threat model of your application and take the time to understand its overall purpose and the components that interact with sensitive information or functionality. This approach enables a real-world simulation of how an attacker will target your application and offers significantly more value. Only after thorough analysis do we begin attempting to manually compromise each layer of defence within the environment.


Our application security testing is guided by an enhanced version of the OWASP testing methodology. The following issue types will be examined:

Configuration Management

Authentication & Authorization

Error Handling

Identity Management

Input Validation

Session Management

Cryptography

Business Logic

Client Side

What We Deliver

At the completion of this service, we draft a detailed report, including an executive summary, outlining the overall state of the application and our technical findings coupled with recommendations. Attacks involving multiple exploits are documented in a narrative to outline how an attacker could chain vulnerabilities together in order to compromise your application. Putting the pieces together, we perform root-cause analysis and provide both tactical and strategic recommendations.


Related Resources

April 28, 2016

WEB APPLICATION TESTING METHODOLOGY

Our security testing methodology is derived from the OWASP Top 10:2013 and has been enhanced with current threats and our overall experience in the industry.


Ready for more than a VA scan?®

We’ll provide you with a free, no-obligation quote for an in-depth test and analysis of your application’s security.