TrustedSec’s Application Security Assessment analyzes any type of web application, regardless of the language in which it is written.
For the web application testing methodology, TrustedSec utilizes the OWASP Testing Guide and has created and developed solid methodologies for testing any type of application. Web Application Security Assessments rely on the use of real-world tactics, techniques, and procedures.
Testing ensures complete coverage of the OWASP Top 10 Web Application Security categories:
- A1. Injection
- A2. Broken Authentication and Session Management
- A3. Cross-Site Scripting (XSS)
- A4. Insecure Direct Object References
- A5. Security Misconfiguration
- A6. Sensitive Data Exposure
- A7. Missing Function Level Access Control
- A8. Cross-Site Request Forgery (CSRF)
- A9. Using Components With Known Vulnerabilities
- A10. Unvalidated Redirects and Forwards
Black-Box Application Assessment
Automated web application scanning with validated results to reduce false positives
White-Box Application Assessment
Manual and automated analysis of application code base to determine the source of issues that could result in exploitation
Grey-Box Application Assessment
Manually utilizing credentials to gain access to the inner workings of the application
Hybrid (White/Grey) Assessment
White-Box Application Assessment results are fed into a Grey-Box Application Assessment to reduce time and provide an actionable, prioritized list of issues.
Web Services & API Assessments
Accessing the API services is based on building attack scenarios upon the provided endpoints. This includes both credentialed and uncredentialed testing.
- Customizable manager application security awareness/secure SDLC training
- Customizable developer OWASP Top 10 training
iOS & Android and the services they connect to
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.