We’ve recently seen an uptick in vendor security assessment questionnaires (VSAQs) that are requiring organizations to do white box application penetration testing. Obviously this may be anecdotal, but we thought it would be a good opportunity to discuss what is being asked of you when it comes to white box or clear box testing, and […]
In today’s blog, we’re going to discuss what can go wrong during a web application penetration test and some strategies that can help you and your testing team avoid running into these issues. Any type of penetration test is an exercise in identifying and exploiting vulnerabilities in a target, just like an attacker would. In […]
As we continue our series explaining some of the most common web application vulnerabilities we encounter during penetration tests, we arrive at cross-site scripting (XSS). XSS comes in at number 7 on the most recent OWASP Top 10 release, so it is still an issue for a significant number of applications and organizations. Caused by […]
As we continue our mini-series addressing some of the most common web application vulnerabilities we see during assessments, we turn our attention to the broad category of authentication weaknesses next. The OWASP Top 10 identifies this category as number 2 on its list, meaning it is obviously well known and prevalent. So then why are […]
As we continue to try and share knowledge we’ve gained in our time performing penetration testing, we’re going to focus on another common web application vulnerability I keep running into. Authorization bypass is number 5 on the OWASP Top 10, further demonstrating that this continues to be a common issue plaguing web applications. The biggest […]
Such a simple question, but it has many different answers, all of which can be important to your understanding of web application security. The Open Web Application Security Project (OWASP) is a non-profit organization with a simple mission: Improving the Security of Software. The organization is open to anyone, receiving contributions from security professionals and […]
Have questions about a web application penetration test? We have you covered in this blog. This is our complete web application penetration test guide which will briefly introduce all of the other blogs we’ve written on the topic and provide a link to more detailed information, should you need it. What is a Web Application […]
Over the past few months, we have had several customers ask us about when is the right time to penetration test a new application in their environment. Right off the bat, we like this question, because it recognizes the fact that a new application needs a penetration test. You never want to roll a new […]
A web application penetration test takes a look at the security of external or internal application for your organization. This type of testing goes above and beyond standard network-level penetration testing, focusing on the both the unauthenticated and authenticated portions of a website. But why do web application penetration testing? What threats are you addressing for […]
Let’s remove some of the mystery behind how web application penetration tests are priced. One of our core tenets is honesty and transparency, so if we can clarify the process of scoping out a penetration test and help you understand how much a web application penetration is going to cost, it may make you more […]
