Think of a Web App Penetration Test as an audit by a group of the world’s most accomplished hackers. Our network engineers connect to your site and proceed to needle, probe, poke, and assault your online apps in every way they can imagine. We know all the tricks the bad guys use, and our getting there first is the best preventative strategy against their ever appearing where they don’t belong.
What does this entail? A barrage of sophisticated tests on your environment, your input points, and the resident data and logic used for executing applications and related files. It is a multi-day examination that lays your environment bare to every type of puncture wound we can inflict. Once this rather intrusive process is complete, though, you will have brought to light the dark corners through which hackers seek to insinuate themselves into your environment. And the larger your network, the more points of compromised security you will have.
A web application penetration test will address these fundamental questions about your environment:
- Is it possible for a hacker to access your internal systems and data from the Internet?
- Is your web-hosting site and service provider secure?
- Is your email server vulnerable to unauthorized internal or external access?
After the complete arsenal of testing is completed, you’ll have a definitive understanding about the true state of your website security. Penetration testing gives you the benchmarks necessary to make prudent IT strategies regarding security upgrades and requirements, resource allocation across the enterprise, and the selection and development practices of future applications.
Clone Guard® CG-WebPenT: A No-Holds-Barred Security Solution
Whereas our CG-WebScan vulnerability test will provide you with a structural understanding of weak points in your web infrastructure, CG-WebPenT goes microscopic on all layers of your data, the data interactions, the network entry points, the exploitable areas of the HTTP protocol stack, memory management, and shared components used by multiple applications. Penetration testing is a wholesale attempt to modify your system in as many ways as it permits. How it can be modified suggests to us all of the ways it can also be compromised by a hacker.
Our engineers are meticulous and merciless toward your web application infrastructure. Their battery of tests involves three general areas of system and data evaluation:
Environment Attacks
This test evaluates your installed software and any plug-ins, scripts, databases, and registry files with which it can potentially interact. Every dependency between software and service is revealed and documented, as is all software not protected by an Access Control List (ACL). Shared memory resources, shared software components like Dynamic Link Libraries (DLLs), and system performance variations also are monitored and logged.
Input Attacks
Input tests reveal whether system inputs can be supplied from untrusted sources. They audit each of your network’s communications paths, including network protocols and sockets, exposed remote functionality such as DCOM, remote procedure calls (RPCs) and web services, data files (binary or text), temporary files created during process execution, and script-based control files. User interface controls on login screens and web front ends are treated in a similarly granular manner, to reveal whether dangerous input can be generated.
Data and Logic Attacks
This is the deepest-diving of all the tests we perform. It addresses faults in the actual design of an application that might provide an inadvertent inroad for a hacker. Data and logic attacks reveal susceptibility to Denial of Service attacks, system disclosures, SQL injection, and cross-site scripting (XSS) that may occur during hardware malfunctions; the presence of test accounts or APIs that may give an intruder a mainline into your system; and any logical flaws in your internal authorization mechanism.
CG-WebPenT, not surprisingly, takes as long as seven days to perform, depending on the size of your enterprise and the degree of its external exposure. When all tests are concluded, we will provide you with complete documentation of the flaws detected and the remediation results for those flaws. After 30 days, we will run another scan on the areas flagged during testing to ensure that the issues have been effectively resolved. Of course, we can also help you determine the best solutions to use for securing the network. After the second scan reveals no security anomalies, we provide your organization with a Web Penetration Test report and a certification that all web applications are optimized against external-facing security breaches.
By contrast, other penetration testing providers will do a single scan and generate a report, which to our eyes is leaving the job half-finished. We will see it through until all areas are validated and verified, and you’ll have the documentation to prove it.
Penetration testing, in the end, isn’t easy. But there is no other method of providing your web application environment with a top-to-bottom clean bill of health. Give one of our representatives a call to schedule your test.