Web Application Penetration Testing Services

OWASP Top 10

The OWASP Top 10 provides a way to rank and remediate the top 10 most critical web application security risks. Below is a list of the most current release for OWASP Top 10:

Current OWASP Top 10 List Released for 2021-2022:

• Broken Access Control
• Cryptographic Failures
• Injection
• Insecure Design
• Security Misconfiguration
• Vulnerable and Outdated Components
• Identification and Authentication Failures
• Software and Data Integrity Failures
• Security Logging and Monitoring Failures
• Server-Side Request Forgery (SSRF)

compare

The expert penetration testers at Artifice Security use automated scanners at the beginning of the assessment (10%) and then pivot into manual penetration testing for the remaining part (90%). Knowing the web application’s context, we can provide penetration tests geared to your individual security needs and make it relevant to your user base.

Methodology

After years of performing penetration testing, Artifice Security has created a proven, repeatable methodology that will meet your organizational needs. As a manually-performed penetration testing company, we guarantee that no false positives will be in your report, and we provide proofs-of-concept that you can verify.

Our security experts are diverse with experience working as system administrators, web developers, network engineers, and cloud specialists to military veterans and former NSA employees who held Top Secret clearances. Artifice Security consultants have also taught and spoken at cybersecurity conferences and created tools used by many penetration testers today. Each of our consultants is not only highly passionate about security, but they are also highly credentialed.

01

Define the Scope

Before the start of the penetration test, Artifice Security will collaborate with your team to determine the exact scope of your web application. We will communicate with your team to assess your application’s size, complexity, framework, roles, and how it is supposed to function normally.

• Determine which applications are needed for testing to include domains and IP addresses for the host systems
• Evaluate which directories or files, if any, are excluded from testing
• Determine penetration testing performed in production or test/QA environment
• Determine testing dates and times for the penetration test
• Exchange key personnel and emergency contact information for any critical findings found.

02

Information Gathering / Recon Phase

During the information-gathering phase of the assessment, Artifice Security will perform passive information gathering against your organization using Open Source Intelligence (OSINT) tools and techniques. This public dat a can help us determine undiscovered risks to your business and show you what anonymous information is out there on the Internet. This targeted intelligence includes the following checks:

• Searches for documents such as PDF, DOCX, XLSX, and PPT documents that may contain exposed sensitive or customer information without your knowledge
• Searches on the Internet and Darkweb for leaked credentials contained in password breach databases
• Searches in repositories such as Github and other developer forums that may contain sensitive data related to your web application or organization
• Checks to find similar domain names as yours to determine your risk to phishing (risks to domain spoofing)
• Exposed robots.txt file to find potential hidden directories and files.

03

Enumeration Phase

• Map out and crawl through the application using a proxying tool
• Enumerate all directories and subdomains
• Search for possible hidden directories and files
• Perform subdomain takeover checks
• Check cloud services for misconfigurations (e.g., publicly exposed S3 buckets)
• Check all possible open ports and services on the host server
• Determine frameworks in use and associated software and libraries in use
• Research and correlate known vulnerabilities for libraries and services used by the application

04

Attack and Exploitation Phase

• Configuration and Deployment Management Testing
• Identity Management Testing
• Authentication Testing
• Authorization Testing
• Session Management Testing
• Data Validation Testing
• Error Handling Testing
• Cryptography Testing
• Business Logic Testing
• Client-Side Testing
• API Testing

05

Reporting Phase

The report begins with an executive summary which gives a layman’s explanation of the findings and conveys the overall risk to your web application(s) and organization. In addition to a summary of findings, we also provide a list of positive results found during testing. Next, the report explains how we determine criticality and risk for each discovery so you can better understand how we prioritize findings and how we rate severity for each vulnerability.

Further in the report, we break down each vulnerability in technical detail, including a summary of the finding, affected location(s), proofs-of-concept, and remediation steps. Each detailed proof-of-concept has easy-to-follow steps for your team to recreate the process of how we exploited the vulnerability.

In addition to the report, Artifice Security also provides you with a customer-facing report and attestation letter if needed.

06

Remediation Testing (Retesting)

As part of your penetration test, Artifice Security includes performing remediation testing (retesting) against your web application after your team remediates all findings. This retesting helps ensure your organization has adequately implemented changes to fix all vulnerabilities. Remediation and retesting also give compliance auditors and customers proof of your lowered or eliminated risk. After remediation testing completes, we will provide you with an updated report that reflects the current state of your web application.

FAQ