
web application testing: how we do it

To crawl an application properly, whatever web technology it is written in, the right technology is needed.

Web Application Testing

The engines we use for deep scanning a web application fully replicate user interaction inside a browser by executing and analysing all of its JavaScript.

We also crawl inside complex web technologies such as AJAX, SOAP/WSDL, SOAP/WCF, Java frameworks, WADL, XML, AngularJS, EmberJS, JSON, Google Web Toolkit, CRUD and Ruby on Rails.

Code and SQL Injection

SQL injection is an old but still widespread attack technique: it allows attackers to alter SQL queries in order to gain access to data. Cross-site scripting attacks allow attackers to execute malicious scripts inside visitors' browsers, possibly leading to impersonation of the affected user.

We check in-depth for SQL Injection, Cross-Site Scripting (XSS) Vulnerabilities, Out-of-band SQL Injection and DOM-based XSS.

WordPress vulnerabilities

WordPress websites are scanned for more than 1000 known vulnerabilities in WordPress core components, plugins and themes.

Authenticated Web Applications test

Testing the authenticated areas of your web applications is absolutely crucial. Providing user credentials for testing purposes ensures full test coverage. The login sequence tool records all the actions needed to log in so that the scan can be replayed later, if required.

What happens after the first test

Vulnerability Assessment

Assuming that after the first scan the customer fixes the application to ensure proper security, what happens next? It depends on the application itself:

  • custom-designed web applications may be modified to implement new features; if a programming error occurs, this can lead to serious vulnerabilities
  • standard applications such as WordPress, SharePoint, etc., are continuously updated to fix newly discovered vulnerabilities; known vulnerabilities are also known to attackers, who operate thousands of automated attack systems worldwide
  • the same applies to the underlying operating systems and databases, which vendors and development communities update to fix vulnerabilities; serious vulnerabilities can arise if these patches are not applied

We suggest applying for Optanex scheduled scanning: at each defined interval a deep scan is executed and reports on the application's security status are sent.

What you will get

After 24 to 48 working hours, you'll receive a summary and a detailed report for each website you have applied for.

Information you will find in the reports

Vulnerability Assessment: scan result

  • summary reports are brief, non-technical documents, very useful for involving non-IT C-level executives in the discussion
  • detailed reports are comprehensive, technical documents with full details of any vulnerabilities found; for every vulnerability the report specifies the components involved (libraries, scripts, certificates, methods, etc.) and the possible remediations to fix it. Detailed reports can run to 100 pages, depending on the complexity of the application.

All reports will be sent only to the technical email address you have specified.

Request an estimate

Apply for an Optanex website vulnerability assessment by filling in the form below; as soon as we receive your request, we'll inform you whether testing is feasible.

If it's feasible, you'll receive the estimate in a few hours, and if you decide to proceed our technical staff will start the testing. Note that pricing includes testing of up to three websites.

About us

At Optanex we believe that developing great web applications, managing strategic IT services and creating successful marketing campaigns requires excellent developers and system engineers, but also eclectic people.
