Application Penetration Testing
An Application Penetration Test (aka pentest) is a method of evaluating the security posture of an application (web or mobile) by simulating an attack from malicious outsiders who would not otherwise have authorized access. Identified vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection and Cross-Site Request Forgery (CSRF) are documented and exploited in an effort to determine whether unauthorized access or malicious activity is actually possible.
The overall goal of an Application Penetration Test is to identify vulnerabilities in web applications, document them, validate them through exploitation, apply risk ratings and formally document the results in a report combined with appropriate recommendations for remediation. Rigo Technology uses the industry standard methodology for testing, reporting and remediation laid out by the Open Web Application Security Project (OWASP) Top 10 Risks. We also use our own testing checklist to verify the different vulnerabilities.
Information gathering via DNS records, config files, error codes, robots files, etc.
Spidering using application mapping tools and manual processes
Config Management testing including database listeners, SSL, backup files, etc.
Auth and Session management testing involving passwords and cookies
Data Validation including XSS, SQL injection, command injection and others
Web Services testing involving WSDL, XML, SOAP and API abuse
Report findings, evidence and recommendations
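As an added illustration of the data validation step in the checklist above (this is example code written for this page, not Rigo Technology's own tooling), the Python below places the unsafe handling of untrusted input beside its hardened form for the three vulnerability classes named: string-built SQL versus a parameterized query, raw HTML output versus escaped output, and an allow-list check on a value that would otherwise reach a shell command. The in-memory database, the user row and the function names are all constructed for the example.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite database with one user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn


def login_concatenated(conn, username, password):
    """Unsafe form: user input is spliced into the SQL text, so a quote
    in the input changes the query's structure instead of its data."""
    sql = (
        f"SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened form: placeholders keep the input out of the query grammar,
    so the database compares the literal string the user typed."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def render_greeting_unescaped(name):
    """Unsafe form: untrusted text is written straight into HTML."""
    return f"<p>Welcome, {name}</p>"


def render_greeting_escaped(name):
    """Hardened form: HTML metacharacters are encoded before output."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


# Hostname allow-list used before a value is passed to, for example,
# a ping or traceroute subprocess: only DNS label characters are accepted,
# so shell metacharacters never reach a command line.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)"
    r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
    r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*",
    re.IGNORECASE,
)


def is_valid_hostname(value):
    """Return True only for syntactically valid hostnames."""
    return _HOSTNAME_RE.fullmatch(value) is not None


def data_validation_checks():
    """Run both login variants with a legitimate credential and with a
    classic tautology string; the dict shows which variant is affected."""
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        "legit_concat": login_concatenated(conn, "alice", "correct-horse"),
        "legit_param": login_parameterized(conn, "alice", "correct-horse"),
        "bypass_concat": login_concatenated(conn, "alice", tautology),
        "bypass_param": login_parameterized(conn, "alice", tautology),
    }


if __name__ == "__main__":
    for name, outcome in data_validation_checks().items():
        print(f"{name}: {'login succeeded' if outcome else 'login rejected'}")
    print(render_greeting_escaped("<b>guest</b>"))
    print(is_valid_hostname("example.com"), is_valid_hostname("example.com; id"))
```

The concatenated login accepts the tautology string because the quote closes the password literal and the rest becomes SQL; the parameterized login rejects it because the whole string is compared as data. The same principle applies to the other two checks: the fix is to keep untrusted input in the data channel (escaping for HTML, an allow-list for command arguments) rather than trying to blacklist specific payloads.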
The whole application penetration testing process is performed manually, which gives you a report with 0% false positives. In addition, a comprehensive report detailing the findings, risk ratings, recommendations, methodology, tools, evidence and screenshots will be provided.