Web-based Application Testing

A web-based application test seeks to locate and document system-level and application-level vulnerabilities in web-based applications, including unauthorized data access and privilege escalation issues. Usually Internet-based, these tests look for a broad range of issues including SQL injection (tampering with database queries), cross-site scripting and cross-site tracing, and other input manipulation and data normalization issues. Our experts conduct them by hand, using transaction-intercepting proxies and input enumerators, because automated tools currently tend to find only "low-hanging fruit" issues and produce too many false positives.

  • Black Box - A "black box" web application test assesses the target application as an unauthenticated user and (sometimes) as an authenticated user. For authenticated testing, two ordinary user logins to the application are required, permitting us to test for inter-user data access and session-related issues. The testing seeks to identify a broad range of technical issues leading to unauthorized access, inter-user data access, and privilege escalation.
  • Code Assisted - A code-assisted application security test assesses the target application as an unauthenticated user and as an authenticated user. With reference to the source code, the testing results can be described more accurately in terms of risk and remediation recommendations. Two ordinary user logins to the application are required, permitting us to test for inter-user data access and session-related issues. The testing seeks to identify a broad range of technical issues leading to unauthorized access, inter-user data access, and privilege escalation. Bugs are tracked back to the relevant source code, which helps ensure the accuracy of results and recommendations; remediation recommendations may thus be tied to the specific code segments in need of improvement.