Application Penetration Testing

Overview


An Application Penetration Test (also known as a pentest) is a method of evaluating the security posture of an application (web or mobile) by simulating an attack from malicious outsiders who would not otherwise have authorized access. Identified vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection and Cross-Site Request Forgery (CSRF) are documented and exploited in an effort to determine whether unauthorized access or malicious activity is actually possible.

The overall goal of an Application Penetration Test is to identify vulnerabilities in web applications, document them, validate them through exploitation, apply risk ratings and formally document the results in a report combined with appropriate recommendations for remediation. Rigo Technology uses the industry-standard methodology for testing, reporting and remediation laid out by the Open Web Application Security Project (OWASP) Top 10 Risks. We also maintain our own testing checklist to verify the different vulnerabilities.

Methodology


Information gathering via DNS records, config files, error codes, robots files, etc.

Spidering using application mapping tools and manual processes

Config Management testing including database listeners, SSL, backup, files, etc.

Auth and Session management testing involving passwords and cookies

Data Validation including XSS, SQL injection, command injection and others

Web Services testing involving WSDL, XML, SOAP and API abuse

Report findings, evidence and recommendations


Deliverables


The whole process of application penetration testing is manual, which gives you a report with 0% false positives. In addition, a comprehensive report detailing the findings, risk ratings, recommendations, methodology, tools, evidence and screenshots will be provided.