Web applications are now an integral part of every organization and a high-value target for adversaries. The Web Application Pentest follows the OWASP Top Ten (2021 edition), so the application is tested against each of its ten risk categories. The aim is to discover and mitigate the highest-risk vulnerabilities before attackers can exploit them; the Top Ten is a baseline for coverage, not a guarantee of completeness, which is why the engagement combines automated scanning with manual testing.
Testing Approach
- Broken Access Control
- Cryptographic Failures
- Injection Attacks
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
Deliverables
- Scoping meeting
- Statement of work
- Automated scanning
- Manual pentesting
- Technical report
- Executive summary
- Presentation meeting
- Retest of mitigations
Blog articles
- Trying to bypass authentication in Portainer 1.24 Web UI
- Multiple vulnerabilities in nodejs ecstatic/http-server (http-party)
- SonarQube projects source code scrapper
- homebridge-config-ui-x: default creds, authenticated cmd exec and LFI