TrustedSec’s Application Security Assessment analyzes any type of web application, regardless of the language in which it is written.

For the web application testing methodology, TrustedSec utilizes the OWASP Testing Guide and has created and developed solid methodologies for testing any type of application. Web Application Security Assessments rely on the use of real-world tactics, techniques, and procedures.

Testing ensures complete coverage of the OWASP Top 10 Web Application Security categories:

  • A1. Injection
  • A2. Broken Authentication and Session Management
  • A3. Cross-Site Scripting (XSS)
  • A4. Insecure Direct Object References
  • A5. Security Misconfiguration
  • A6. Sensitive Data Exposure
  • A7. Missing Function Level Access Control
  • A8. Cross-Site Request Forgery (CSRF)
  • A9. Using Components With Known Vulnerabilities
  • A10. Unvalidated Redirects and Forwards

Black-Box Application Assessment

Automated web application scanning with validated results to reduce false positives

White-Box Application Assessment

Manual and automated analysis of application code base to determine the source of issues that could result in exploitation

Grey-Box Application Assessment

Manually utilizing credentials to gain access to the inner workings of the application

Hybrid (White/Grey) Assessment

White-Box Application Assessment results are fed into a Grey-Box Application Assessment to reduce time and provide an actionable, prioritized list of issues.

Web Services & API Assessments

Assessing the API services is based on building attack scenarios upon the provided endpoints. This includes both credentialed and uncredentialed testing.

Training

  • Manager application security awareness/secure SDLC training (customizable)
  • Developer OWASP Top 10 training (customizable)

Mobile Apps

iOS & Android and the services they connect to

Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.