Web application penetration testing
Penetration testing certifications and standards
OWASP web application penetration testing
In the ProSec® web application penetration test, we work according to the OWASP (Open Web Application Security Project) methodology (currently version 4). You can find the detailed test methodology here.
We check every OTG of your web application or web service. We cover the following web service and application areas, among others:
- Java & JVM Penetration Tests
- Angular application based Penetration Tests
- Redux application based Penetration Tests
- Python application based Penetration Tests
- Go application based Penetration Tests
- SOAP API’s
- REST API’s
OWASP web service and application architecture based penetration test
In addition to the classic web application & web service penetration test, we also offer the associated web application architecture penetration tests:
- Amazon AWS Penetration Tests
- Microsoft Azure Penetration Tests
- JBoss Penetration Tests
- Weblogic Penetration Tests
- Tomcat Penetration Tests
- Apache HTTPd Penetration Tests
- Microsoft IIS Penetration Tests
- Language based embedded webserver Penetration Tests
- MySQL Penetration Tests
- Oracle SQL Penetration Tests
- PostgreSQL Penetration Tests
- CouchDB Penetration Tests
Differentiation between the myth of OWASP Top 10 & OWASP
Often there are specifications in company tenders that test according to the “ OWASP standard”. On the one hand, we would like to make it clear again that OWASP is not a standard. On the other hand, instead of the desired OWASP level, there are often only OWASP Top 10 again – i.e. the 10 security gaps and weak points that were identified in the last year.
We distance ourselves from such “penetration tests” because they offer little added value for IT security and do not even begin to meet the quality requirements of our penetration testing. As a result, we generally reject the OWASP Top 10 penetration tests.
Agile penetration testing
We have also been the first company worldwide to offer agile penetration tests based on your software development since 2017. For competitive reasons, please contact us for further details.