Penetration Testing - Web Application

Description

Security Footprint role-plays an unauthenticated (anonymous) or authenticated malicious user targeting weaknesses and vulnerabilities within the application. Key objectives include successful execution of client-side attacks and gaining unauthorised access to application functionality, sensitive or secured information, the underlying system, the database services and the supporting systems in the surrounding application environment.

Security Footprint has based its testing methodology on years of experience and industry-recognised web application best practices such as those of the Open Web Application Security Project (OWASP). At a high level, the security testing follows the methodology below, which targets the key security controls within web applications:

  • General information gathering and exploration of the application and its underlying framework, services and supporting system components
  • Authentication controls
  • Session management controls
  • Data validation controls that include input validation and output sanitisation
  • Authorisation controls
  • Exception handling
  • Denial-of-service issues within the application (note that this testing is specific to the application and its functionality, for example a vulnerable search function that leads to high CPU usage)
  • Services
  • WebApp