webapp

Web Application Security Testing, sometimes known as Web Application Penetration Testing, is a form of testing that identifies weaknesses and vulnerabilities affecting a given application. Web Application Security Test scopes are affected by a large number of variables (the front-end, middleware and backend technologies used, language differences, the size and shape of the application, etc.), but our commitment to incredible support means you’re taken care of from start to finish.

Our consultants, in addition to being familiar with common web technologies and vulnerabilities, also test more obscure platforms. They have particular expertise with the following technologies:

  • IIS/MSSQL/.NET/Azure
  • PHP, Apache and MySQL
  • Ruby on Rails
  • Perl CGI
  • Django, Flask, Web.py
  • Java
  • Silverlight, Air, Client-side Java
  • NoSQL
  • HTML5, JavaScript frameworks

And many more.

The Mandalorian Approach

Following an initial scoping meeting or call, we provide a fully scoped quote for your Web Application Security Test. Our consultants perform the work in accordance with the agreed scope. Once testing is complete, our consultants will produce a report with a high-level executive summary, a detailed technical section and appendices for any relevant observations requiring further detail.

Typical Findings

While every web application is different, our consultants often find vulnerabilities well represented in the OWASP Top 10, as well as those not represented there or better suited to the Common Weakness Enumeration (CWE) project. Common findings identified in Web Application Security Tests include:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Arbitrary file access
  • Remote command execution
  • Application logic flaws
  • Authentication bypass weaknesses

Why Choose Mandalorian?

There are many reasons to choose Mandalorian. We have consultants with over a decade’s extensive expertise in web application security. We’re committed to being open, flexible, and consistent to make your customer service experience as good as possible. Our team holds testing certifications from Tiger Scheme, CREST and CESG and we pride ourselves on maximising knowledge transfer to help your team avoid application security weaknesses in future projects.

Next Steps

Call us now on 01256 830 146, or give us a few details about when your next health check is due and how we can help, and we’ll get back to you ASAP.