The Fundamentals of Web App Penetration Testing

A couple of blog posts ago we went through the fundamentals of Web Application Penetration Testing. We described a web application penetration test as an assessment of the security of the application's code and of the software and libraries on which the application runs. Pen testers are security professionals who search for vulnerabilities in web apps such as:

Injection vulnerabilities
Broken authentication
Broken authorization
Incorrect error handling

In this blog post, we will discuss the pricing and overall economics of conducting web app penetration tests.

First, as a note, from a broad perspective a penetration test is an authorized, simulated cyber-attack on a computer system or application, performed to assess the strengths and weaknesses of that system or application from the perspective of a criminal, hacker, insider threat, and so on. One thing to remember is that a penetration test is a point-in-time test that is, or should be, conducted periodically, because systems, applications and environments change frequently and the security of those assets changes with them.

Penetration tests are critical to giving IT security an understanding of the overall security posture of the organization and of the individual assets within it. A test exercises the security controls the organization has adopted, with the sole purpose of strengthening existing controls and adding new controls to eliminate weaknesses.

Web Apps are the Most Targeted Asset by Hackers

In our previous blog post we touched on some of this information, so why the review? Because web apps are by far the most targeted asset that cybercriminals use to access systems, escalate attacks, gain privileges to high-priority systems and ultimately steal the sensitive data of the organization, its customers and its employees. As a matter of fact, according to the SANS Institute, web applications account for more than…