ProSec GmbH


Web application penetration testing

The web application pentest is a technique for testing the security of web applications. The security of a web application is assessed through an active analysis of its weak points.
The aim is to identify and exploit as many vulnerabilities and security gaps as possible. The procedure is similar to a penetration test and aims to infiltrate the web apps with the help of penetration attacks.
Manual or automated test procedures are used to identify vulnerabilities in different areas of a web application. The tests cover known attacks, such as SQL injection or denial-of-service attacks, carried out on the application. The stability and the integration are checked for durability. A further focus is on session management, which can be abused to obtain user data such as the victims' login data (session hijacking).
The most important result of the web application pentest is the identification of security gaps in the entire web application and its components (source code, database, back-end network), so that the web application can subsequently be checked for errors and weak points can be eliminated.
The end result is a summary of any security gaps or weak points found and an assessment of their impact on the web application. In addition, a technical solution is recommended to reduce the damage or to remedy the problem.

Penetration testing certifications and standards

  • ISO 27001
  • Certified Ethical Hacker
  • OWASP
  • CVSS
  • OPST (OSSTMM Professional Security Tester)
  • MITRE Corporation
  • Offensive Security OSCP
  • PTES
  • Data protection and security certified
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • NIST

OWASP web application penetration testing

In the ProSec® web application penetration test, we work according to the OWASP (Open Web Application Security Project) methodology (currently version 4). You can find the detailed test methodology here.
We check every OTG of your web application or web service. We cover the following web service and application areas, among others:

  • Java & JVM Penetration Tests
  • Angular application based Penetration Tests
  • Redux application based Penetration Tests
  • JavaScript application based Penetration Tests
  • Python application based Penetration Tests
  • Go application based Penetration Tests
  • SOAP APIs
  • REST APIs

OWASP web service and application architecture based penetration test

In addition to the classic web application & web service penetration test, we also offer the associated web application architecture penetration tests:

  • Amazon AWS Penetration Tests
  • Microsoft Azure Penetration Tests
  • JBoss Penetration Tests
  • Weblogic Penetration Tests
  • Tomcat Penetration Tests
  • Apache HTTPd Penetration Tests
  • Microsoft IIS Penetration Tests
  • Language based embedded webserver Penetration Tests
  • MySQL Penetration Tests
  • NoSQL
  • Oracle SQL Penetration Tests
  • PostgreSQL Penetration Tests
  • CouchDB Penetration Tests

etc.

Differentiation between the myth of OWASP Top 10 & OWASP

Company tenders often specify that testing be carried out according to the "OWASP standard". On the one hand, we would like to make it clear again that OWASP is not a standard. On the other hand, instead of the desired OWASP level, what is delivered is often only the OWASP Top 10 again, i.e. the 10 security gaps and weak points that were identified in the last year.

We distance ourselves from such "penetration tests" because they offer little added value for IT security and do not even begin to meet the quality requirements of our penetration testing. As a result, we generally reject OWASP Top 10 penetration tests.

Agile penetration testing

Since 2017, we have also been the first company worldwide to offer agile penetration tests based on your software development. For competitive reasons, please contact us for further details.


Get to know real hackers?

We would be happy to show you over a cup of coffee (via video conference if in doubt) what a penetration test should offer in our opinion. Just give us a call or use the contact form!


All rights reserved. © 2022 ProSec GmbH