Script kiddies rely on automation;
we don’t.
Most application security testers rely on automated testing alone. This is only the beginning of our process, which is followed by extensive manual processes to provide one of the most thorough services the industry offers. The problem with automation alone is that it is prone to false positives (e.g., incorrect findings) and false negatives (e.g., missing critical areas of the application, lack of context, chained exploits, and more). By never relying on automation, our experts explore opportunities for more advanced attackers, mimicking a real-world scenario.
Packetlabs’ unique approach to application security testing begins with developing a threat model and taking the time to understand the overall purpose, the components, and their interaction with sensitive information or functionality. This approach enables realistic simulation of how an attacker would target your application and in turn, provides you with more value. Only after thorough analysis do we begin attempting to manually compromise each layer of defence within the environment.

The basis of our application security testing is guided by an enhanced version of the OWASP testing methodology. The following issue types will be examined:

Configuration Management

Authentication & Authorization

Error handling

Identity Management

Input validation

Session management

Cryptography

Business logic

Client side
What We Deliver
A detailed application security report including an executive summary that outlines the overall state of the application and our technical findings coupled with recommendations
—
Documentation of attacks involving multiple exploits compiled to outline how an attacker could chain vulnerabilities together to compromise your application
—
A root-cause analysis to provide both tactical and strategic recommendations
Related Resources
April 28, 2016
WEB APPLICATION SECURITY TESTING METHODOLOGY
Our application security testing methodology is derived from the OWASP Top 10:2013 and has been enhanced with current threats and our overall experience in the industry.
101000110010101001001110010110010100010100101111001010100000001
