WEB Penetration Testing

Why bother?

Often, a website is the most public IT resource in an organization – and, understandably, it is also the most prone to malicious attacks. If not properly secured, a website is frequently used to launch further attacks against an organization’s infrastructure. Testing a website for any potential security issues is essential to ensuring these malicious attack attempts do not result in a security breach.

How does it work?

The web application security testing offered by dots. is carried out and documented according to the OWASP (Open Web Application Security Project) guidelines. The testing is done in multiple phases and usually covers the following as a minimum:

  • Information gathering;
  • Application structure and functionality enumeration;
  • Configuration and deployment;
  • User identity management;
  • Authentication mechanism(s);
  • Authorization schema;
  • Session management;
  • Data input validation (i.e., injection vectors);
  • Use of cryptography where applicable;
  • Business logic verification;
  • Client-side vulnerabilities (e.g., XSS).

Any relevant observations made during the testing phase will be categorized according to the potential impact on the system and presented in the final report along with detailed descriptions of the issues, as well as recommendations for risk mitigation.

What does it mean to my organization?

Security testing is an essential phase in the lifecycle of any web application. Due to the ever-changing and dynamic nature of IT, security testing on a web application should ideally be carried out periodically, as new vulnerabilities and attack vectors are frequently discovered. Our web application penetration tests are carried out in a structured manner, using both manual testing and various automated tools. Any potential security issues are outlined to the client, including poor configuration, out-of-date patching, cross-site scripting vulnerabilities or any potential injection vectors.

What are the benefits?

  1. Potential risk and attack vector identification.
  2. Risk mitigation recommendations.
  3. Improved IT security posture for the organization.
  4. Increased employee IT security knowledge.
  5. Ensured compliance with any relevant laws and regulations.

Let's protect.

We are happy to share our knowledge, experience and expertise. Let us know what you need, and we will contact you directly.