7Safe specialises in web application penetration testing, finding weaknesses by undertaking application security penetration tests. The field has become complex and our people believe that applications present the greatest risks to organisations as a whole.
The techniques, tools and methodology used by 7Safe’s application penetration testing team are constantly updated to ensure that application security is assessed both for conventional vulnerabilities (SQL Injection, Cross Site Scripting and other OWASP “Top Ten”) and for the latest cutting-edge security vulnerabilities. Web application testing therefore tends to do away with tools and instead focus on years of experience in web application security, often using nothing more than a browser and strong intuition.
Web Application Penetration Testing Security Experience
Over the years 7Safe has built up significant experience in a variety of application penetration testing scenarios including:
- Online Banking
- Gambling & Gaming
- HR & Payroll systems
- Customer Relationship Management
- Content Management Systems
- Social Networking Sites
- Overall Web 2.0 applications & content
- Binary Applications
Application Penetration Testing: Technologies
7Safe’s application pen testing team has assessed applications written in many different technologies. The applications are assessed and tested against conventional security issues such as:
- Cross-Site Scripting,
- SQL Injection,
- Cross-Site Request Forgery,
- File Include,
- Direct Object Reference etc.
… as well as business logic bypass issues to assess any risk of unauthorised access to information (i.e. rather than testing from the front door, what can be seen laterally within an application with genuine but possibly stolen credentials?).
Application Penetration Testing: The Importance of Careful Scoping
Prior to penetration testing applications, 7Safe consultants spend time understanding the application’s functionality in depth to identify different features offered by the application such as:
- User privileges,
- Nature of information processed by the application etc.
Identifying all such aspects of the application during the web application testing process helps 7Safe’s application penetration testing team to:
- assess associated risks linked to the application and
- determine what level of access would be required to identify attack vectors which could result in such risks.
This information is then submitted to our client and the relevant levels of access obtained for carrying out the application security testing.
Clarity of Application Penetration Testing Reports
The results of application penetration testing are documented in the form of a full technical report. Each issue identified within the application penetration test is then explained with all technical details along with steps/guidelines on how this issue can be recreated by our client. Along with each issue identified during the web application security penetration testing process, 7Safe’s team provides recommendations on how an issue can be properly addressed.
The application pen test report also has an ‘executive summary’ section containing management-level information, written in plain English. We also present an overview of the overall level of web application security and our major concerns (along with the steps which should be taken to further improve security).
7Safe’s application penetration testing team prides itself on undertaking constant research to identify new/emerging threats within the areas of web application security and our team members are subsequently invited to speak at leading IT security conferences around the globe.