Web Application Penetration Testing

Your website is always available to the world, to both legitimate and illegitimate users. An attacker will always try to gain access to your servers and obtain vital information, or try to exploit a misconfiguration on your website. This could hamper the growth of your business. We therefore ensure that your website is secured against these intruders using techniques such as the OWASP Top Ten checklist.

  • SQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Directory traversal and path manipulation
  • Authentication brute-force
  • Authorization implementation defects
  • Access control defects
  • Session hijacking
  • Security misconfiguration
  • Parameter injection
  • Application logic defects
  • Buffer overflow
  • SSL and transport layer weaknesses
  • Information leakage

Penetration testing helps organizations proactively identify and address security vulnerabilities within their web-based applications, which ultimately saves millions of dollars and, in addition, protects the reputation of the company.

Process Structure

We follow this industry-standard process when pen-testing your website:

Planning

The Maideaz experts work with the customer to clearly define and document test objectives, scope and rules of engagement. We conduct interviews to gain thorough knowledge of the customer’s testing goals and needs, security and compliance requirements, business risks and other related factors.

Automated Testing

The Maideaz team uses industry-leading web application vulnerability scanning tools to enumerate and analyze the targeted web application. All vulnerabilities identified by the automated testing process are manually re-checked to make sure that they indeed exist and are exploitable.

Manual Testing

At Maideaz, we re-check the results of automated testing with manual testing. During that phase, our experts leverage readily available information that helps identify possible attack patterns on select targets, and devise and launch their own manual attacks against the web application. Our experts at Maideaz attempt to access actual data and functionality to fully demonstrate the significance of identified weaknesses, but all of this is done within the confines of the laid-down rules of the company, meticulously ensuring that nothing harmful is done to the website throughout the testing phase.

Reporting

Following the completion of a penetration test, Maideaz ensures detailed delivery of its findings. The report includes an Executive Summary section for management and a prioritized list of issues for development, with practical recommendations for their implementation. We also meet with the customer’s technical team to discuss the testing results and provide ongoing support throughout the process.