CORE IMPACT Pro WEB APPLICATION PENETRATION TESTING SERVICES
Mitigating weaknesses in web applications can be costly since they offer require re-coding to effectively remediate issues. CORE IMPACT Pro Web Application Penetration Testing services pinpoint exploitable application weaknesses with no false positives, allowing development resources to focus on addressing critical exposures. Core Security engineers can assess your web applications to flaws cited by the Open Web Application Security Project (OWASP), such as:
- A1: Injection Flaws – assess applications against SQL injection and blind SQL injection attacks
- A2: Cross-Site Scripting (XSS) – test applications against URL-based XSS attacks
- A4: Insecure Direct Object References + A7 Failure to Restrict URL Access – uncover hidden, backup and old pages in applications + discover and analyze robots.txt files to reveal admin pages and other sensitive URLs
- A10: Insufficient Transport Layer Protection – identify where weak levels of encryption expose your HTTPS-secured sites
- A6: Security Misconfiguration – assess web server and network infrastructure to identify other security issues that undermine web application integrity (requires Network Penetration Testing service)
This service can be customized to address additional OWASP-ranked weaknesses and other web application exposures, such as remote file inclusion.
This service can be conducted on-site or remotely.
- Learn about the benefits of CORE IMPACT Penetration Testing Services
- View the CORE IMPACT Professional Services data sheet
- Contact us to discuss your specific needs
Learn more about:
