Web applications are popular targets of cyber attacks because they are so widespread and accessible worldwide. Modern web applications are the backbone of various business models, which increases the threat of being attacked. Often, databases with user accounts or payment information make it profitable to attack web applications. Data loss, legal recourse or a damaged image are some of the consequences of successful attacks.
During an audit, we carry out focused and realistic attacks on your web application in order to identify vulnerabilities and security-related issues. This includes the web server as well as other services that are relevant to running your web application. These attacks may be carried out from the perspective of an external adversary as well as from that of a normal user.
The basis for the web application audit is the widely known Web Application Penetration Testing guideline published by the non-profit OWASP (Open Web Application Security Project) organization and their Application Security Verification Standard (ASVS).
During the audit, you get regular reports that keep you up to date and informed about the ongoing steps. At the very end, you get a final report that contains all the details about the issues, their rating and how to remedy them. Every issue is prioritized, which makes it easier to decide on your next step.
A web application audit is a security audit to which the following properties apply:
Web applications and their operating environment (e.g. web server)
White, grey or black box
External or Internal
Direct attack attempts or covert attack
Full or focused
Passive, polite, aggressive or paranoid