Web Application Penetration Testing
Finding more faults than your mother-in-law!
If you have an application that needs to be tested for security then you’ve come to the right place. Learn why we’re the best in the business!
Let us safely discover security flaws in your application.
Many applications simply present database views to the internet. Need assurance that there’s not a back door into the whole dataset? You want us to discover flaws before someone else does.
Your clients, your employees, and your reputation could all be at risk. Penetration testing provides peace of mind that your web application is protected. You don’t have to be reactive to malicious intrusions. You can be proactive.
Our engineers have backgrounds in development. We understand and appreciate the time you have already put into your application. We can help you prioritize your next steps. Some will be immediate. Others can be spread out into your normal development schedule.
Security and Compliance Requirements
Some compliance frameworks require regular penetration tests of web applications. Examples of such are PCI, HIPAA, and FFIEC. Alternatively your organization could have controls requiring testing in your security program. Because we also specialize in compliance and assessments, our engineers will ensure your success.
Recent Blog Posts
This is an article in a series on Web Application Vulnerability Basics. What Is Insecure Direct Object Reference? Insecure Direct Object Reference, also known as IDOR, is a reference to an internal implementation object that is exposed to a user without proper...
NuHarbor performed a web application penetration test and was able to gain access to secure content. We didn’t realize our admin application server was exploitable. Their skilled engineers provided remediation guidance that allowed us to close the vulnerability.
Penetration Testing Checklist
Here’s a checklist of what we might look for:
Logging and Monitoring
Does the application track users properly? Are systems actively checked?
Is there proper authentication? Do authorization controls apply to users’ actions?
Sensitive Data Exposure
Does the application disclose confidential information? Is the environment providing information that could aid an attacker?
Are user inputs validated and sanitized? Does the application behave independently of input?
Does the application enforce output Encoding? Is there consistent interpretation of the output?
Are there filtering mechanisms? Do they proactively defend against common web application attacks?
SSL Encryption Analysis
Does the web server support the security levels of the encryption ciphers? Are certificates supported on both the server-side and client-side?
Is parameter handling secure? Could the application mishandle authorization information? Could server-side information mistakenly be sent to the user?
Application Logic Flow
Does the application enforce logic flow? Could an attacker control the application flow at will?
Are there cross-site scripting vulnerabilities? Is there proper encoding of user-supplied input?
Does user input construct database queries? Can an attacker craft an input to control queries beyond the programmer’s intent?
Do user inputs construct file paths? Can an attacker craft an input to escape the directory structure of the application?
XML External Entities
Is it possible to inject XML tags or modify the XPath query?
Are the application’s certificates current, issued by a trusted authority, in the correct domain name, etc?
Are there instances that result in values above or below the allowable integer value?
Does the application perform proper bounds checking?
Known Vulnerable Components
Are server-side and client-side components current and secure?