web application testing: how we do it

To properly crawl an application, no matter what web technology is written in, we need technology.

Web Application Testing The engines we use for deep scanning a web application fully replicate user interaction inside of a browser by executing and analysing all JavaScripts

Also, we crawl inside complex web technologies like AJAX, SOAP/ WDSL, SOAP/WCF, Java Frameworks, WADL, XML, AngularJS, EmberJS, JSON, Google Web Toolkit, CRUD, Ruby on Rails.

Code and SQL Injection

SQL Injection are old, but still very diffused hacking techniques: they allow attackers to modify SQL queries in order to gain access to data. Cross-Site scripting attacks allow attackers to execute malicious scripts inside visitors’ browser possibly leading to impersonation of that user.

We check in-depth for SQL Injection, Cross-Site Scripting (XSS) Vulnerabilities, Out-of-band SQL Injection and DOM-based XSS.

WordPress vulnerabilities

WordPress websites are scanned for more than 1000 known vulnerabilities in WordPress’ core components, plugin and themes.

Authenticated Web Applications test

Testing authenticated areas of your web applications is absolutely crucial. Providing a testing-purpose user credentials will ensure to perform a full testing coverage. The login sequence tool automates all necessary actions in order to re-play the scanning later, if required.

What happens after the first test

Vulnerability Assessment Assuming that after the first scanning the customer will fix the app to ensure proper app security, what will happen next? It depends on the application itself:

custom-designed web applications may be modified to implement new features; if an human error occurs in programming this could lead to serious vulnerabilities
standard applications like WordPress, SharePoint, etc., are continuously updated to fix newly discovered vulnerabilities; known vulnerabilities are known also by the hackers that have thousands of automated hacking systems worldwide
the same happens to underlying operating systems and databases that are updated by vendors and development communities to fix vulnerabilities; serious vulnerabilities can occur if these patches are not applied

We suggest to apply for an Optanex scheduled scanning; every defined period of time a deep scanning will be executed and reports will be sent with application security status.

What you will get

After 24 to 48 hours worktime, you’ll receive a summary and a detailed report for each website you have applied for.

Informations you will find in the reports

summary reports are brief, non-technical documents, very useful for involving in discussion non-IT C-level executives
detailed reports are comprehensive, technical documents with all details regarding the (eventual) vulnerabilities; for every vulnerability the reports specify the components involved in the vulnerability (libraries, scripts, certificate, methods, etc.) and the possibile remediations to fix them. Detailed reports can count up to 100 pages, depending on the complexity of the application.

All reports will be sent only to the technical email address you have specified.

Request an estimate

Apply for an Optanex website vulnerability assessment compiling the form below; as soon as we’ll receive your request, we’ll inform you if testing is feasible or not.

If it’s feasible, you’ll receive the estimate in a few hours and if you decide to proceed our technical staff will start the testing. Note that pricing includes up to three websites testing.

Start here your vulnerability assessment

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others