Web Application Penetration Testing

Web Application Penetration Testing is a technique for testing the security of web applications. It evaluates the security of a web application through an active analysis of its vulnerabilities.

The goal is to identify and exploit as many vulnerabilities and security holes as possible. The procedure is similar to a general penetration test and attempts to penetrate the web application by means of attacks.

Web Application Pentest

Manual or automated test procedures are used to identify vulnerabilities in different areas of a web application. During the tests, known attacks such as SQL injection or denial of service attacks are executed against the application. Stability and integration are tested for consistency. Another focus is session management, where the tests check whether user data such as a victim's credentials can be obtained (session hijacking).

The most important result of web application penetration testing is to identify security vulnerabilities in the entire web application and its components (source code, database, back-end network) in order to subsequently check the web application for errors and eliminate the vulnerabilities.

The end result is a summary of any security vulnerabilities or weaknesses found and an assessment of their impact on the web application. This is accompanied by a recommendation of technical solutions to mitigate or fix each problem.

OWASP Web Application Penetration Testing

For the ProSec® Web Application Penetration Test, we work according to the OWASP (Open Web Application Security Project) Methodology (currently version 4.2). You can find the detailed test methodology here. We check every OTG of your web application or web service. We cover the following web service and application areas, among others:

  • Java & JVM Penetration Testing
  • Angular application based penetration testing
  • Redux application based penetration tests
  • JavaScript application based penetration tests
  • Python application based penetration testing
  • Go application based penetration testing
  • SOAP APIs
  • REST APIs

Differentiation: The Myth of OWASP Top 10 vs. OWASP

Company tenders often specify that testing must be performed according to the "OWASP standard". First, we would like to make it clear once again that OWASP is not a standard. Second, instead of the desired OWASP level, you often find only the OWASP Top 10, i.e. the 10 security gaps and vulnerabilities that were identified last year.

We distance ourselves from such "penetration tests", as they offer little added value for IT security and do not even begin to meet the quality standards of our penetration testing. As a result, we reject OWASP Top 10 Penetration Tests across the board.

Agile Penetration Testing

We have also offered agile penetration testing, based on your software development, since 2017, as the first company in the world to do so. For competitive reasons, please contact us for more details.

OWASP Web Service and Application Architecture

In addition to the classic Web Application & Web Service Penetration Test, we also offer the related Web Application Architecture Penetration Tests:

  • Amazon AWS Penetration Testing
  • Microsoft Azure Penetration Testing
  • JBoss Penetration Tests
  • WebLogic Penetration Tests
  • Tomcat Penetration Tests
  • Apache HTTPd Penetration Tests
  • Microsoft IIS Penetration Tests
  • Language based embedded webserver penetration tests
  • MySQL Penetration Tests
  • NoSQL
  • Oracle SQL Penetration Tests
  • PostgreSQL Penetration Tests
  • CouchDB Penetration Testing