Website Penetration Testing Assessment (W/PTA)
This assessment focuses specifically on the client's website. Testing is performed both with client-supplied application credentials (white box testing) and without credentials (black box testing), in order to gain access to the website and test it for vulnerabilities. CastleGarde's website penetration testing methodology begins with a discovery service that addresses the visibility gap by establishing a scope of public-facing web applications. The next step is an application risk assessment, which quickly identifies exploitable vulnerabilities such as those found in the OWASP Top 10 and the CWE/SANS Top 25. CastleGarde then performs a comprehensive deep scan with customized scripts that identify web application vulnerabilities using both authenticated and non-authenticated scans, including a search for the attack vectors noted in the OWASP Top 10 and SANS Top 25.
Three distinct application tests are performed by CastleGarde:
1. Dynamic application security testing
Automated web application vulnerability scanners crawl and scan the web application for the most common application security vulnerabilities.
2. Static application security testing
Static application security testing includes a complete analysis of the application source code. CastleGarde analyzes the source code, byte code, and binaries of the application(s) to identify departures from secure coding practices that are indicative of security vulnerabilities within the application(s) themselves.
3. Manual application security testing
Authentication and authorization functionality can be overlooked by automated web application scanners. In these circumstances, CastleGarde performs manual testing to obtain adequate details regarding vulnerabilities within the application. OWASP provides an exhaustive list of test cases that can be leveraged for manual testing in areas that automated application security scanners may not cover. Refer to https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013 for further details.
Testing covers the following vulnerability areas:
- Authentication
- Authorization and Access Control
- Session Management
- Data and Input Validation
- Injection Flaws
- Buffer Overflows
- Error Handling
- Logging
- Remote Administration
- Web Application and Server Configuration