Application Penetration Testing
Whether your organisation develops web, mobile, or desktop applications in-house or works with third-parties, time constraints and a lack of awareness of secure software development practices, often results in an application with the potential to put your organisation’s information and systems at risk of compromise.
Centurion provides a thorough security assessment using its own application testing methodology, based on Centurion’s independent security research, prior experience from testing thousands of applications, and industry best practices including:
- The Open Web Application Security Project (OWASP) Testing Guide
- Open Source Security Testing Methodology Manual (OSSTMM)
- The Web Application Hacker's Handbook
- CWE/SANS Top 25 Most Dangerous Software Errors
- CERT Secure Coding Standards
We combine our expert knowledge and ability to take into account the business impact to produce reports that are relevant, reproducible through complete technical details, and provide assurance that the application adheres to security best practices.
All types of applications can be susceptible to security weaknesses ranging from weak password policies to vulnerabilities that allow attackers to gain full control of the application’s supporting system. Centurion offers application penetration testing services for a wide range of applications including:
- Web applications and web services
- Mobile applications for iOS (iPhone/iPad) and Android
- Java clients and applets
- Windows desktop and Unix/Linux applications
Centurion provides application penetration testing services targeted at any type of application including web applications, web services, mobile applications, Java clients, and traditional desktop applications.
Centurion’s skilled security consultants apply a manual approach to the identification and exploitation of the application’s security vulnerabilities. We explore and analyse application functionality to identify and exploit security vulnerabilities. Automated tools are used where appropriate to reduce the amount of time required to discover easily identified vulnerabilities.
Injection vulnerabilities are dissected, analysed, and pushed to their limits by exploiting weak permissions in application databases and filesystems, to create web shells capable of providing command execution and remote control of the target system hosting the application. Once we have gained access to a system within your organisation’s network, we then perform a network reconnaissance to discover other accessible systems that could be used to transition past the DMZ and further into the core network. This provides a real world attack scenario to ensure that Internet facing applications and systems are properly segregated and capable of containing a successful compromise.
How We Can Help
Once we have identified vulnerabilities within the target application we work closely with developers to ensure the effective implementation of security controls to address the identified vulnerabilities. We recommended appropriate working solutions catered for your organisation’s unique requirements and not just another band aid solution to prevent known malicious input.