Web applications deliver accessible and powerful services to consumers and businesses throughout the world. At the heart of modern banking, e-commerce and cloud-based IT provision, they are an attractive and easy target for cyber criminals. In common with all software, web applications contain vulnerabilities which can be exploited by a hacker to steal confidential information directly or to create a transmission platform to infect another computer with malware.
Penetration testing or ethical hacking is a key technical audit tool for the risk assessment of a software application. A web application penetration test is designed to identify security weaknesses which have been unknowingly added by software developers as they design, code and publish their software.
Performed with the permission of the software owner, our web application penetration testing service uses a series of automated and manual processes to identify vulnerabilities and demonstrate how they can be used to facilitate a cyber attack. Measures and controls to prevent or mitigate the impact of an attack are recommended for each major vulnerability. This information is delivered in a Penetration Test Report which is used as a practical guide to improve the security of the software application. It is also used to meet the organisational requirements for compliance to standards such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001.
Our Web Application Penetration Test Report includes an overview of the tests performed, an executive management summary, a technical summary and a technical detail section. The Common Vulnerability Scoring System (CVSS) describes the principal characteristics of a vulnerability and defines a numerical score reflecting its potential severity of impact. Remedial activities that prevent or mitigate the cyber exploits associated with each vulnerability are identified and linked to references that provide further detailed background information.
The Wizard Cyber penetration testing service is delivered by an experienced team who are certified by CREST (the Council of Registered Security Testers) and have over 15 years of combined experience in the field of information assurance and penetration testing. They are guided by the best practice testing methodology as published by OWASP, OSSTMM, CVSS and the SANS Institute.
The Wizard Cyber penetration testing team use the OSSTMM guidelines to deliver a comprehensive and standards-based testing programme. Our testing methodology is based on the industry-standard Open Web Application Security Project (OWASP) Testing Guide v4.