
WAPT (Web Application Penetration Testing)

What is WAPT?

The primary objective of Web Application Penetration Testing (WAPT) is to identify exploitable vulnerabilities, weaknesses, and technical flaws in web applications before attackers can discover and exploit them. Web application penetration testing reveals real-world opportunities attackers could use to compromise applications and gain access to sensitive data.
Besides the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES), penetration testing leverages the Open Web Application Security Project (OWASP), a framework for assessing the security of web-based applications. Our web application penetration tests simulate real-world attacks to provide a realistic assessment of vulnerabilities and threats to the customer’s application environment.
Our web application penetration testing is carried out in multiple ways:

  • Dynamic Application Security Testing (DAST): A DAST approach involves looking for vulnerabilities in a web app that an attacker could try to exploit. This testing method works to find which vulnerabilities an attacker could target and how they could break into the system from the outside.
 
  • Web App Infrastructure Review: This involves a thorough review of supporting infrastructure such as the web server (IIS/Apache), additional API interfaces, etc.
 
  • Database Controls: These are tested as part of the web app testing and are also reviewed separately from a security perspective.
 
Web-based applications are evaluated against the OWASP Top 10 Web Application vulnerabilities. Following is the list of OWASP