Application Security Testing

Extensive manual analysis and real-world attacks that completely expose attack vectors and discover application flaws.


As enterprise networks are replaced by logical layers in the cloud, managing application security risk has become a mission-critical business objective. The attack surface and volume introduced by web and mobile applications are already staggering, and the movement towards cloud services, the internet of things (IoT), and software-defined networking (SDN) will only increase the risks. Redspin’s proven process works regardless of whether you have a web application or a mobile application, or you’ve integrated multiple cloud providers and/or service layers.

Application security testing by professional security engineers, not software.

All application penetration testing and security assessments are performed by Redspin’s world-class engineering team. We leverage over a decade of experience and proprietary research amassed from thousands of assessments. We use real human intelligence and manual analysis to find the best strategies to secure your application, lower your security risk, and minimize business and service disruptions.

Common Goals for an Application Security Assessment

  • Understand the security risks within the application (or development life cycle)
  • Understand the impact of each vulnerability, flaw, or weakness
  • Prioritize risks and mitigation strategy to lower risk immediately and efficiently
  • Set the foundation for application and development security strategy

Scope and Methodology

Redspin’s web/mobile application security test usually proceeds in 3-4 stages:

  1. Host and service enumeration.
  2. Resource and content enumeration.
  3. Application configuration and network communication discovery.
  4. Manual testing of logins, credentials, sessions/cookies, and application behavior.

Redspin’s proven application security testing methodology prioritizes vulnerabilities according to risk and impact, and then delivers clear and concise recommendations to mitigate application flaws as quickly as possible. When serious or critical vulnerabilities are discovered, we notify you immediately with actionable recommendations.

Redspin uses findings, research, and tools from thousands of security assessments, as well as a standards-based approach drawn from the Open Web Application Security Project Top 10 (OWASP Top 10) and the 2010 CWE / SANS Top 25 Most Dangerous Programming Errors (CWE/SANS):

OWASP Top 10 (Open Web Application Security Project)

A1 Injection

Can we send malicious code/scripts to the system?

A2 Broken Authentication and Session Management

Secure authentication is hard. Can we exploit parts of the app such as logout, password management, timeouts, remember me, secret questions, account update, etc.?

A3 Cross-Site Scripting (XSS)

Can we use untrusted data to exploit the interpreter in the browser? The most widespread web application security flaw.

A4 Insecure Direct Object Reference

Can we change parameters to gain access to unauthorized objects?

A5 Security Misconfiguration

Can we access default accounts, unused pages, unpatched flaws, unprotected files or directories, etc. to gain unauthorized access to or knowledge of the system?

A6 Sensitive Data Exposure

Can we get unencrypted or weakly encrypted sensitive data through a man-in-the-middle attack, exploiting the browser, stealing keys, intercepting clear text in transit, etc.?

A7 Missing Function Level Access Control

Is access granted when a user changes parameters to access privileged functions?

A8 Cross-Site Request Forgery (CSRF)

Can we forge HTTP requests and trick users into submitting them?

A9 Using Components with Known Vulnerabilities

Can we use scanning or manual analysis to find weak or bad components?

A10 Invalid Redirects and Forwards

Can we use the system to redirect or forward the user to a phishing site or malicious URL?

CWE/SANS Top 25 Most Dangerous Programming Errors

Each of the 25 problems falls into one of 3 primary categories:

Insecure Interaction Between Components: These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems. This category includes tests for Injection, Unrestricted Upload, Operating System (OS) Command Injection, Information Exposure Through an Error Message, and Race Conditions.

Risky Resource Management: The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources. This category includes tests for Classic Buffer Overflow, Buffer Access with Incorrect Length Value, Improper Check for Unusual or Exceptional Conditions, PHP File Inclusion, Improper Validation of Array Index, Integer Overflow or Wraparound, Incorrect Calculation of Buffer Size, Download of Code Without Integrity Check, and Allocation of Resources Without Limits or Throttling.

Porous Defenses: The weaknesses in this category are related to defensive techniques that are often misused, abused, or simply ignored. This category includes tests for Improper Access Control (Authorization), Reliance on Untrusted Inputs in a Security Decision, Missing Encryption of Sensitive Data, Use of Hard-coded Credentials, Missing Authentication for Critical Function, Incorrect Permission Assignment for Critical Resource, and Use of a Broken or Risky Cryptographic Algorithm.

SANS Top 25 List

  1. Failure to preserve web page structure (Cross-site scripting)
  2. Improper sanitization of special elements used in a SQL command (SQL injection)
  3. Buffer copy without checking the size of input (Classic buffer overflow)
  4. Cross-site request forgery
  5. Improper access control (Authorization)
  6. Reliance on untrusted inputs in a security decision
  7. Improper limitation of a pathname to a restricted directory (Path traversal)
  8. Unrestricted upload of a file with dangerous type
  9. Improper sanitization of special elements used in an OS command (OS command injection)
  10. Missing encryption of sensitive data
  11. Use of hard-coded credentials
  12. Buffer access with incorrect length value
  13. Improper control of filename for include/require statement in PHP program (PHP file inclusion)
  14. Improper validation of array index
  15. Improper check for unusual or exceptional conditions
  16. Information exposure through an error message
  17. Integer overflow or wraparound
  18. Incorrect calculation of buffer size
  19. Missing authentication for critical function
  20. Download of code without integrity check
  21. Incorrect permission assignment for critical resource
  22. Allocation of resources without limits or throttling
  23. URL redirection to untrusted site (Open redirect)
  24. Use of a broken or risky cryptographic algorithm
  25. Race condition

Penetration Testing Services

Redspin’s end-to-end security assessment services.

Penetration Testing

Comprehensive risk, vulnerability, and penetration testing intelligence with prioritized risk-rated recommendations.

Red Team Assessments

Our most comprehensive security assessment, combining penetration testing, application security testing, and social engineering.

Application Security

Get world-class security engineers to test vulnerabilities in your web, mobile, & cloud applications.

Social Engineering

OSINT, phishing, vishing and physical campaigns to pinpoint your vulnerabilities and promote awareness and education.
