For Application Security Testing, TrustedSec can analyze any type of web application regardless of language it is written with.
We use the OWASP Testing Guide for it’s assessment methodology, while for other assessment types, TrustedSec has created and developed solid methodologies for testing any type of application. TrustedSec web application testing relies on the use of real-world tactics, techniques, and procedures.
Testing ensures complete coverage of the OWASP Top 10 web application risk categories:
- A1. Injection
- A2. Broken Authentication and Session Management
- A3. Cross-Site Scripting (XSS)
- A4. Insecure Direct Object References
- A5. Security Misconfiguration
- A6. Sensitive Data Exposure
- A7. Missing Function Level Access Control
- A8. Cross-Site Request Forgery (CSRF)
- A9. Using Components with Known Vulnerabilities
- A10. Unvalidated Redirects and Forwards
Black Box Testing
Automated web application scanning with validated results to reduce false positives.
White Box Testing
Manual and automated source code analysis of application code base to determine the source of issues that could result in exploitation.
Grey Box Testing
Manually utilizing credentials to gain access to the inner workings for the application.
Hybrid (White/Grey) Testing
White Box Testing results being fed into a Grey Box Test to reduce time and provide actionable prioritized list of issues.
Web Services & API Testing
Accessing the API services is based upon building attack scenarios upon the endpoints provided. This includes both credentialed and uncredentialed testing.
- Manager application security awareness/secure SDLC training customizable
- Developer OWASP Top 10 training customizable
iOS and Android & services they connect to
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.