Web Application Penetration Testing

Redpoint's OSCP-Certified Ethical Hackers Provide Expert Application Testing Services

Redpoint’s OSCP-certified ethical hackers perform expert Web Application Penetration Testing to identify vulnerabilities that automated scanners frequently miss.
We utilize real-world attack techniques to address the OWASP application security risks, and our testing methodologies include but are not limited to the following areas.
  • Compliance-focused testing and validation, e.g., PCI-DSS, GDPR compliance.
  • Manual testing and validation of web application logic.
  • Specific manual testing for a variety of vulnerabilities, including but not limited to:
      • Injections such as SQL, NoSQL, OS, and LDAP Injection
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Broken Access Control
      • Security Misconfiguration
      • Cross-Site Scripting (XSS)
      • Insecure Deserialization
      • Using Components with Known Vulnerabilities
      • Insufficient Logging & Monitoring
  • Authorization checks, including horizontal and vertical privilege escalation, to determine whether an attacker may abuse intended functions to gain additional access.
  • Analysis of target web server vulnerabilities to evaluate susceptibility to publicly available system exploits.
  • Identification of information leaks and configuration disclosures.
  • Tests for the exposure of files, scripts or user data which may be made accessible through the use of specially crafted requests.
  • Review of APIs/web services to see if they yield sensitive information or access, including the disclosure of server or API documentation.