The Web Application Assessment aims to identify security weaknesses in a Customer application through testing of the application’s external interfaces. This assessment will include testing for security weaknesses relevant to the type of application. These may include weaknesses such as those related to cross-site scripting, SQL injection, OS command injection, improper authentication and access control, cross-site request forgery, improper error handling, encryption issues, or open redirects.
LMNTRIX will start by becoming familiar with the application, to include reviewing provided documentation, holding meetings with Customer personnel familiar with the application, and/or requesting a demonstration. LMNTRIX will develop knowledge about how the application functions under normal conditions, including normal inputs and associated outputs. LMNTRIX will then assess the application’s response to various inputs and conditions using appropriate security testing tools.
Within the parameters of the agreed-upon scope, LMNTRIX will test the application as an unauthenticated user, as a normal user, and as an administrative user, to test the application’s authentication and access control functions. LMNTRIX will use a combination of internally developed tools and scripts in addition to open source and commercial tools
We help you
Know whether your critical assets are at risk
Identify and mitigate complex security vulnerabilities before an attacker exploits them
Understand how the most sophisticated attackers operate based on intelligence gained from our years performing incident response
Attain realistic findings and comprehensive recommendations
What You will get
High level executive summary report
Technical documentation that allows you to recreate our findings
Fact-based risk analysis to validate results
Tactical recommendations for immediate improvement
Strategic recommendations for long-term improvement
Ready toGet Started?
Our security experts are standing by to help you with an incident or answer questions about our
consulting and managed detection and response services.