Web App Pentest

Web applications are nowadays an integrated part of every organization and they represent a high value target for adversaries. The Web Application Pentest is based on the latest OWASP Top Ten framework which guarantees that your application is tested against a wide range of vulnerabilities. This ensures that the highest risk vulnerabilities are discovered and mitigated before attackers can exploit them.

Testing Approach

Broken Access Control
Cryptographic Failures
Injection Attacks
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery

Business Case

Tripla Consult evaluated Braavos’ eBank application (a fictional client) through the web app pen testing.

It was found that the Braavos’ eBank application is lacking input validation on critical functions. Malicious actors can abuse these vulnerabilities to read plain text passwords, credit card numbers and source code. The findings have high impact on confidentiality, integrity and availability (CIA) which could directly affect Braavos’ brand and its customers.

Additionally, the verbose error messages and test default credentials suggest improper separation between the development and production environments.

tripla_consult_webapp_report-1 Download

Blog articles

About me

My name is Andrei Agape, I’m an offensive security researcher and freelancer with several years of experience working for companies in Europe, Asia and USA.

Several of my qualifications and achievements include:

Offensive Security Certified Professional (OSCP)
Certified Red Team Professional (CRTP)
Certified Red Team Azure Professional (CRTAP)
Researcher and member of Synack Red Team
Azure Cloud Contributor at hackingthe.cloud
Mentor and trainer on Mentorcruise
Guest lecturer for the Board of European Students of Technology (BEST)

WANT TO know MORE?

book a free 1 hour meeting

CONTACT@TRIPLA.DK