A Web Application Test is a series of application security tests run against a hosted application which executes in an online environment.
The testing will constitute two specific security areas:
- A security review of the application
- Security testing of the production application for privilege escalation, authorization creep, insecure input operations, and security controls bypass.
Testing includes:
- Parameter Tampering Testing
- Web Server Infrastructure Analysis Testing
- Web Attack Signatures Testing
- Testing for Web Forms Vulnerabilities
- Compliance Analysis
- Cookie Security Analysis Testing
- File & Directory Exposure Checks
Mobile Security Testing may consist of the manual probing of application interfaces, automated fuzzing, development of test datasets and harnesses, and performing automated code review.
The Mobile Application Testing will include a comprehensive assessment of the following:
- White Box (Full Disclosure)
- Mobile Application Testing (APK, IPA, etc.)
- Mobile Application Exposure
- Mobile Signature Attacks
- Confidentiality Exposure checks
- Test for Mobile Form Vulnerabilities
- Cookie Exposure Checks
- File & Directory Exposure Checks
