What is Web Application Penetration Testing? Web application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant lead manual security test, helping identify security issues with all core application functionality (detailed below). Testing provides clear remediation instructions for discovered security issues, allowing your team to fix any discovered issues.
Website Penetration Testing Our internal Web Application Penetration Testing methodology is based from the OWASP testing methodology (Open Web Application Security Project), covering all areas of the OWASP top 10 (documented on the left). Additionally our methodology base includes Open Source Security Testing Methodology Manual – OSSTMM and the Penetration Testing Execution Standard – PTES. Our full web app testing methodology is available on request.
How does the engagement take place? After the scoping process, a security consultant will assess the web application for security issues, report on the security issues and deliver the final report with clear remediation instructions documented. After remediation work is completed by the client a free retest is conducted by Aptive, helping ensure the previously reported security issues are resolved. In the interest of optimising testing time and identifying as many security issues as possible clients have the option to make the web application source code available.
Is Website Penetration Testing the same service? Yes, by our definition Website Penetration Testing is the same service as Web Application Penetration Testing. Almost all modern websites are web applications, meaning they perform functions and render dynamic pages typically from back end databases. A CMS is a good example of a web application. Such as WordPress, Joomla, Drupal or in house web applications built from scratch or using opensource frameworks and libraries.