• Did you know that 63% of users admit to having forgotten a password,
  or having had a password compromised, in their professional life?

• Did you know that 60% of organizations have no
  two-factor authentication in place?

• Have you ever considered that phishing, malware, and zero-days
  give IT security its biggest headaches?

• Did you know that most crimes committed by trusted parties
  (insiders and privileged users) are perpetrated for financial or personal gain?

Application Security Testing

In this type of penetration test we assess the security of the application, focusing on remotely exploitable vulnerabilities as per the OWASP Top 10 and WASC guidelines, together with a review of the application's architecture and design. We also assess the controls against privilege escalation, malicious file uploads and XML-based attacks. This builds a complete threat profile of your web application environment. Beyond the industry-standard test cases, we specialise in executing business logic attacks, which are unique to each function of the application. Our team does not rate risk severity blindly but according to how the vulnerability applies in the business context of your organization. We assess web applications, thick-client applications, web services, PA-DSS compliant applications and SaaS applications.

In this service, some of the sample tests we would perform include:

Authentication

Here we test the application functions related to authentication. Credentials can be guessed or overwritten through weak account management functions (account creation, password change, password recovery, weak session identifiers), so we review the password quality rules the application actually enforces (minimum length, complexity, history) and whether the login and recovery functions resist guessing through lockout or rate limiting. We also verify that sensitive directories and files cannot be reached without authentication.

Authorization and privilege escalation

The degree of escalation depends on which privileges the attacker already legitimately holds and which can be obtained through a successful exploit. We request pages, objects and functions as another user to verify whether they can be reached by a role that should not be permitted to use them. In this way we hunt for horizontal privilege escalation (reading or modifying another user's data at the same privilege level, typically by changing an object identifier) and vertical privilege escalation (a low-privilege user reaching administrative functions).
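
The differential test described above, written out as an added Python example for this page (it is illustrative code, not part of the service or of any client engagement). The users, roles and invoice records are constructed assumptions, and the two handler pairs stand in for an application's endpoints: one pair lacks object-level and role checks, the other has them. The harness fetches each object as the victim, replays the request as the attacker, and reports the identifiers for which the attacker receives the victim's data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed for this example: two ordinary users, one administrator and
# the invoices they own. On an engagement these would be test accounts
# provisioned by the client.
@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"


ALICE = User("alice", "user")
BOB = User("bob", "user")
ADMIN = User("carol", "admin")

INVOICES: Dict[int, Dict[str, str]] = {
    1001: {"owner": "alice", "total": "120.00"},
    1002: {"owner": "alice", "total": "75.50"},
    2001: {"owner": "bob", "total": "9.99"},
}

Response = Tuple[int, object]          # (HTTP status, body)
Handler = Callable[[User, int], Response]


def get_invoice_vulnerable(caller: User, invoice_id: int) -> Response:
    """Authenticates but never authorises: any logged-in user can read any
    invoice by changing the identifier (horizontal escalation / IDOR)."""
    inv = INVOICES.get(invoice_id)
    return (200, inv) if inv else (404, None)


def get_invoice_hardened(caller: User, invoice_id: int) -> Response:
    """Object-level check: owner or admin only. Unauthorised IDs get 404,
    not 403, so the response does not confirm which IDs exist."""
    inv = INVOICES.get(invoice_id)
    if inv is None or (inv["owner"] != caller.name and caller.role != "admin"):
        return (404, None)
    return (200, inv)


def delete_user_vulnerable(caller: User, target: str) -> Response:
    """Administrative function exposed to any authenticated role
    (vertical escalation)."""
    return (200, f"deleted {target}")


def delete_user_hardened(caller: User, target: str) -> Response:
    """Same function with the role check in place."""
    if caller.role != "admin":
        return (403, None)
    return (200, f"deleted {target}")


def horizontal_escalation_findings(handler: Handler, victim: User, attacker: User,
                                   victim_object_ids: List[int]) -> List[int]:
    """Fetch each object the victim legitimately owns (IDs recorded while
    browsing as the victim), replay the same request as the attacker and
    report the IDs for which the attacker receives the victim's data."""
    leaked = []
    for object_id in victim_object_ids:
        v_status, v_body = handler(victim, object_id)
        if v_status != 200:
            continue                       # baseline failed; nothing to compare
        a_status, a_body = handler(attacker, object_id)
        if a_status == 200 and a_body == v_body:
            leaked.append(object_id)
    return leaked


def vertical_escalation_finding(handler: Callable[[User, str], Response],
                                low_priv: User) -> bool:
    """True if a non-administrative user can invoke an admin-only function."""
    status, _ = handler(low_priv, "victim-account")
    return status == 200


if __name__ == "__main__":
    print("IDOR leaks (vulnerable):",
          horizontal_escalation_findings(get_invoice_vulnerable, ALICE, BOB, [1001, 1002]))
    print("IDOR leaks (hardened):",
          horizontal_escalation_findings(get_invoice_hardened, ALICE, BOB, [1001, 1002]))
    print("Vertical escalation (vulnerable):", vertical_escalation_finding(delete_user_vulnerable, BOB))
```

Comparing the attacker's response body with the victim's baseline, rather than looking only at the status code, avoids false positives from endpoints that return 200 with an empty or generic body for unauthorised callers.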

Session management

Session management is often implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens, or to exploit other implementation flaws to assume other users' identities. We hunt for session hijacking, session fixation and session prediction, checking that session identifiers are unpredictable, regenerated on login, invalidated on logout and after a timeout, and carried only in cookies flagged Secure and HttpOnly.

Open URL redirection

An open redirect arises when a web application accepts untrusted input and uses it as the destination of a redirect. An attacker can craft a link that points at the trusted domain, passes the application's own access control check (and any login step), and then forwards the victim to an attacker-controlled domain, lending a phishing page the credibility of the legitimate site. We test every redirect parameter with absolute URLs, protocol-relative URLs (//evil.example) and backslash or encoding variants that slip past naive prefix checks.
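
An added Python example for this page (illustrative code, not the service's tooling) contrasting the flawed pattern with a validating redirect. The site origin, the allow-listed hosts and the `next` parameter name are constructed assumptions. The validator accepts only same-site absolute paths or allow-listed hosts and handles the inputs a tester tries first: protocol-relative URLs, backslash variants, credentials in the authority, and non-HTTP schemes.

```python
from urllib.parse import urljoin, urlsplit

# Constructed for this example: the site's own origin and the only external
# hosts a redirect may point to. A real application loads these from config.
SITE_BASE = "https://www.example.com/"
ALLOWED_HOSTS = {"www.example.com", "sso.example.com"}


def vulnerable_redirect_target(next_param: str) -> str:
    """The flaw described above: the 'next' parameter is used as the
    Location header verbatim, so ?next=https://evil.example works."""
    return next_param


def is_safe_redirect(next_param: str) -> bool:
    """Accept only same-site absolute paths or allow-listed hosts.

    Backslashes are normalised to slashes first because browsers treat
    '/\\evil.example' like '//evil.example' (a protocol-relative URL)
    while urlsplit would see a harmless path.
    """
    if not next_param or any(ord(c) < 0x20 for c in next_param):
        return False            # empty, or smuggled CR/LF/TAB/NUL
    candidate = next_param.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: must be an absolute path on this site.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("", "http", "https"):
        return False            # javascript:, data:, vbscript:, ...
    # Absolute or protocol-relative URL: the host must be allow-listed.
    # urlsplit().hostname strips userinfo and port, so
    # 'https://www.example.com@evil.example/' yields 'evil.example'.
    return (parts.hostname or "").lower() in ALLOWED_HOSTS


def hardened_redirect_target(next_param: str) -> str:
    """Resolve a validated target against the site, otherwise go home."""
    if is_safe_redirect(next_param):
        return urljoin(SITE_BASE, next_param.strip().replace("\\", "/"))
    return SITE_BASE


if __name__ == "__main__":
    for probe in ("/account", "//evil.example", "/\\evil.example",
                  "https://www.example.com@evil.example/", "javascript:alert(1)"):
        print(f"{probe!r:45} vulnerable -> {vulnerable_redirect_target(probe)!r:45} "
              f"hardened -> {hardened_redirect_target(probe)!r}")
```

Falling back to the home page rather than returning an error keeps the login flow working for users who arrive with a malformed `next` value, while still denying the attacker a useful destination.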

Sensitive data exposure

Many web applications do not properly protect sensitive data such as credit card numbers, tax IDs and authentication credentials. Attackers may steal or modify weakly protected data to commit credit card fraud, identity theft or other crimes. Such data deserves extra protection: encryption at rest and in transit, and special precautions when it is exchanged with the browser (for example, no sensitive values in URLs, caches or autocompleted form fields).

Insecure communications

When developers fail to secure the communication channel, credentials and session tokens travel in the clear. If weak TLS cipher suites or protocol versions are accepted, or credentials are transmitted over plain HTTP, an attacker positioned for a man-in-the-middle (MITM) attack can sniff or alter the credentials and sensitive data in transit. We also verify that communications between infrastructure elements, such as between web servers and database systems, are protected by transport layer security or protocol-level encryption for credentials and other high-value data.

Clickjacking

This attack, alone or combined with others, can make a victim send unauthorised commands or reveal confidential information while interacting with a seemingly harmless page that frames the target site. We determine whether the site under test has no protection against framing or, where the developers have implemented some protection (an X-Frame-Options header, a Content-Security-Policy frame-ancestors directive, or JavaScript frame-busting), whether that protection can be bypassed; frame-busting scripts in particular are frequently defeated. Once the site is confirmed vulnerable, we build a proof of concept that loads it inside an attacker-controlled page.
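
An added Python example for this page (illustrative code, not the service's tooling) showing the header check and the proof-of-concept page described above. The response headers passed to it are constructed; the rules encoded are the browser behaviours the check relies on: `X-Frame-Options` is honoured only for `DENY` and `SAMEORIGIN`, `frame-ancestors` takes precedence over it when both are present, and a page with neither can be framed from anywhere.

```python
import html
from typing import Dict, List


def frame_protection_findings(headers: Dict[str, str]) -> List[str]:
    """Evaluate a response's anti-framing headers; an empty list means the
    page cannot be framed cross-origin. Header names are compared
    case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    xfo = h.get("x-frame-options", "").strip().upper()

    # Pull the frame-ancestors source list out of the CSP, if present.
    frame_ancestors = None
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            frame_ancestors = [t.lower() for t in tokens[1:]]
            break

    if not xfo and frame_ancestors is None:
        findings.append("no X-Frame-Options and no CSP frame-ancestors: "
                        "the page can be framed from any origin")
        return findings

    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        # ALLOW-FROM and other values are not recognised by current browsers,
        # which ignore the header entirely, so they give no protection.
        findings.append(f"X-Frame-Options '{xfo}' is not DENY or SAMEORIGIN "
                        "and is ignored by browsers")

    if frame_ancestors is not None:
        # CSP frame-ancestors takes precedence over X-Frame-Options when both
        # are present, so a permissive source list undoes a strict XFO.
        if "*" in frame_ancestors or any(a in ("http:", "https:") for a in frame_ancestors):
            findings.append("CSP frame-ancestors allows framing from any origin")

    return findings


def clickjacking_poc(target_url: str, width: int = 800, height: int = 600) -> str:
    """Minimal proof-of-concept page for an unprotected target: if the
    target renders inside this iframe when served from an attacker-controlled
    origin, the finding is confirmed. The half-transparent frame makes the
    overlaid page visible for a report screenshot; a real attack would use
    opacity 0 and position its own buttons over the target's controls."""
    return (
        "<!doctype html><html><body>"
        "<h1>Clickjacking PoC (constructed example)</h1>"
        f'<iframe src="{html.escape(target_url, quote=True)}" '
        f'width="{width}" height="{height}" style="opacity:0.5"></iframe>'
        "</body></html>"
    )


if __name__ == "__main__":
    # Constructed header sets standing in for captured responses.
    samples = {
        "unprotected": {},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp none": {"Content-Security-Policy": "frame-ancestors 'none'"},
        "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        "csp wildcard beats xfo": {"X-Frame-Options": "DENY",
                                   "Content-Security-Policy": "frame-ancestors *"},
    }
    for name, hdrs in samples.items():
        print(f"{name:24} {frame_protection_findings(hdrs) or 'protected'}")
```

Run the check against every authenticated page that performs an action, not just the landing page: framing protection is frequently applied at the reverse proxy for some paths and forgotten for others.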

Cross-Site Request Forgery (CSRF)

CSRF forces an end user to execute unwanted actions on a web application in which they are currently authenticated: the browser attaches the session cookie to a request forged by another site, so the application cannot tell it from the user's own click. We check that every state-changing request carries an unpredictable token bound to the user's session and that the server rejects requests without it. The preferred option is to include the token in a hidden form field so that it is sent in the body of the HTTP request rather than in the URL, which is more prone to exposure through logs, browser history and Referer headers.
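
The hidden-field token pattern, as an added Python example for this page (illustrative code, not the service's tooling or any client's implementation). The in-memory session store and the "transfer" handlers are constructed; the two handlers show the behaviour the test looks for: the vulnerable one trusts the session cookie alone, so a form auto-submitted from an attacker's page succeeds, while the hardened one requires the per-session token and compares it in constant time.

```python
import hmac
import html
import secrets
from typing import Dict, Optional

# Constructed for this example: an in-memory session store keyed by session
# ID. A real application keeps the token alongside its server-side session.
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session() -> str:
    """Create a session and bind a fresh, unpredictable anti-CSRF token to it.
    One token per session (not per site) means a token leaked from one
    user's page is useless against another user's session."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id: str) -> str:
    return SESSIONS[session_id]["csrf_token"]


def hidden_field(session_id: str) -> str:
    """Render the token as a hidden form field, so it is sent in the POST
    body rather than appearing in the URL (and thus in logs, browser
    history and Referer headers)."""
    token = html.escape(csrf_token_for(session_id), quote=True)
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def verify_csrf(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the session's.
    Unknown session, missing token and mismatch all fail closed."""
    session = SESSIONS.get(session_id)
    if session is None or not submitted:
        return False
    return hmac.compare_digest(session["csrf_token"].encode(), submitted.encode())


def transfer_vulnerable(session_id: str, form: Dict[str, str]) -> str:
    """State-changing handler that relies on the session cookie alone: a
    form auto-submitted from an attacker's page is indistinguishable from
    the user's own click, because the browser attaches the cookie anyway."""
    if session_id not in SESSIONS:
        return "unauthenticated"
    return "ok"


def transfer_hardened(session_id: str, form: Dict[str, str]) -> str:
    """Same handler with the token check the test above looks for."""
    if session_id not in SESSIONS:
        return "unauthenticated"
    if not verify_csrf(session_id, form.get("csrf_token")):
        return "rejected"
    return "ok"


if __name__ == "__main__":
    sid = new_session()
    # A forged cross-site form carries the cookie (sid) but cannot read the
    # token from the victim's page, so it arrives without csrf_token.
    forged = {"to": "attacker", "amount": "100"}
    legitimate = {"to": "payee", "amount": "10", "csrf_token": csrf_token_for(sid)}
    print("vulnerable handler, forged request:", transfer_vulnerable(sid, forged))
    print("hardened handler, forged request:  ", transfer_hardened(sid, forged))
    print("hardened handler, legitimate form: ", transfer_hardened(sid, legitimate))
    print(hidden_field(sid))
```

The check in `transfer_hardened` belongs on every request that changes state (POST, PUT, DELETE); a GET that changes state is itself a finding, since no token in a form body can protect it.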

Business logic testing

Business logic flaws allow an attacker to misuse an application by circumventing its business rules. Most security problems are weaknesses that result from a broken or missing security control, and automated tools find these hard to detect because they do not understand context. Our testers learn the functionality of the application and the developer's intentions, then apply creative, out-of-the-box thinking to break the application's logic: skipping or reordering workflow steps, tampering with prices, quantities and limits, and abusing race conditions in multi-step transactions.

XML injection and XML External Entity (XXE) attacks

XML injection, and XXE in particular, can lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. First we identify XML-based communication (SOAP, XML request bodies, uploaded XML files); then we insert XML metacharacters and entity declarations to see how the parser reacts. Once the malicious XML is accepted, we attempt to read local system files, reach internal hosts, or trigger an entity-expansion denial of service against the application.
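
Both steps above, as an added Python example for this page (illustrative code, not the service's tooling): recognising XML input, turning an observed document into an external-entity probe, and the pre-parse rejection a developer can apply so the probe fails regardless of parser defaults. The benign document and the three payloads are constructed, not captured from any application; the `order`/`id` element names are assumptions. The input is handled as decoded text, so a raw request body would be decoded according to its declared encoding before being passed in.

```python
import re
import xml.etree.ElementTree as ET

# Constructed for this example, not captured from any real application.
BENIGN = '<?xml version="1.0"?><order><id>42</id></order>'

PAYLOADS = {
    # External entity reading a local file, reflected through a field the
    # application echoes back.
    "file_disclosure": (
        '<?xml version="1.0"?>'
        '<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
        '<order><id>&xxe;</id></order>'
    ),
    # Same mechanism aimed at an internal address: SSRF and port scanning
    # from the host the parser runs on.
    "ssrf": (
        '<?xml version="1.0"?>'
        '<!DOCTYPE order [<!ENTITY xxe SYSTEM "http://127.0.0.1:8080/">]>'
        '<order><id>&xxe;</id></order>'
    ),
    # Nested internal entities ("billion laughs"): three levels of tenfold
    # expansion already yield 1,000 copies of the base string; a few more
    # levels exhaust the parser's memory.
    "dos": (
        '<?xml version="1.0"?>'
        '<!DOCTYPE lolz [<!ENTITY lol "lol">'
        '<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">'
        '<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">'
        '<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">]>'
        '<lolz>&lol3;</lolz>'
    ),
}


def looks_like_xml(content_type: str, body: str) -> bool:
    """Step one of the test above: decide whether a request carries XML,
    from the declared media type or from an XML prolog in the body."""
    media_type = content_type.split(";")[0].strip().lower()
    return (media_type.endswith("/xml") or media_type.endswith("+xml")
            or body.lstrip().startswith("<?xml"))


def inject_external_entity(benign_doc: str, uri: str) -> str:
    """Step two: turn an observed document into an XXE probe by declaring an
    external entity for `uri` and referencing it from the first text node.
    If the response echoes that field, its content shows whether the
    parser resolved the entity."""
    root_tag = ET.fromstring(benign_doc).tag.split("}")[-1]
    if benign_doc.startswith("<?xml"):
        prolog, _, body = benign_doc.partition("?>")
        prolog += "?>"
    else:
        prolog, body = "", benign_doc
    dtd = f'<!DOCTYPE {root_tag} [<!ENTITY xxe SYSTEM "{uri}">]>'
    probed = re.sub(r">([^<>]+)<", ">&xxe;<", body, count=1)
    return prolog + dtd + probed


_DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b")


class UnsafeXML(ValueError):
    """Raised for documents that declare a DTD or entities."""


def safe_parse(doc: str) -> ET.Element:
    """Refuse any document carrying a DTD or entity declaration, then parse.

    Client-supplied XML almost never needs a DTD. Rejecting it up front
    closes file disclosure, SSRF and entity-expansion DoS without relying
    on parser defaults: Python's expat-based parser does not fetch external
    entities, but it does expand internal ones, and the limits on that
    expansion depend on the libexpat version the interpreter was built with.
    """
    if _DTD_RE.search(doc):
        raise UnsafeXML("document declares a DTD or entity")
    return ET.fromstring(doc)


def rejects(doc: str) -> bool:
    """True if safe_parse refuses the document."""
    try:
        safe_parse(doc)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print("benign parses:", safe_parse(BENIGN).find("id").text)
    for name, payload in PAYLOADS.items():
        print(f"{name:16} rejected: {rejects(payload)}")
    print(inject_external_entity(BENIGN, "file:///etc/hostname"))
```

When the application does not echo the injected field, the same probe pointed at a host the tester controls still reveals resolution through the outbound request it generates.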

Server configuration review

We review the deployed configuration of the server hosting the web application, because an application stack is only as strong as its weakest link. A typical web or application server installation ships with a lot of functionality that is not needed in production (sample applications, documentation, test pages, administrative consoles, verbose error pages); whatever is not essential should be removed or disabled before deployment to avoid post-install exploitation.