Web Application Penetration Testing

Our CREST Certified Web App Penetration Tester has CHECK Team Leader status and over 11 years' experience in Web Application Penetration Testing.

CREST CCT (Web App) accredited since 2009, he is also a Certified Reverse Engineering Analyst (CREA), Certified Binary Auditing Expert (Windows), Offensive Security Certified Professional (OSCP), holder of SANS GIAC Hacker Techniques, Exploits & Incident Handling (GCIH), and a Certified Ethical Hacker (CEH) v1.0 since 2005.

Web Application Security – Both mobile and web applications are tested for flaws in multiple areas. This includes:

  • Input validation (injection flaws such as SQL injection or Cross-Site Scripting (XSS))
  • Use of encryption
  • Registration and authentication controls
  • Authorization and/or session management
  • Application structure
  • Password policies
  • Business logic areas

All OWASP and SANS 25 top controls are covered in our methodology to ensure comprehensive testing is performed against the client application.