Based on the penetration testing results, a detailed report will be provided, containing the vulnerabilities found, recommendations for eliminating them, examples of attacks and descriptions of possible penetration scenarios.
Web app testing is a set of services that may include various types of software testing.
The main testing goal is to reveal all errors in the software and to develop recommendations for preventing them in the future.
There are three basic operation methods:
Together with the penetration test client, we agree on the date and time of the work, appoint responsible persons and determine the performer's level of awareness: Black Box, White Box or Gray Box.
Compliance Control has extensive experience in web application security testing. The company's highly qualified specialists use the world's best practices, methods and tools. Work can be carried out either through an on-site visit by a specialist to your office or using remote access technologies.
- The Open Web Application Security Project («OWASP») Testing Guide v4;
- Open Source Security Testing Methodology Manual («OSSTMM») v3;
- Technical Guide to Information Security Testing and Assessment (SP 800-115);
- ISACA IS auditing procedure «Security assessment-penetration testing and vulnerability analysis»;
- Penetration Testing Execution Standard («PTES»);
- A Penetration Testing Model («BSI»);
- Payment Card Industry («PCI») Data Security Standard («DSS») Guidance: PCI Information Supplement: Penetration Testing Guidance v3.2.1;
- Federal Risk and Authorization Management Program («FedRAMP»): FedRAMP Penetration Test Guidance 1.0.1.