Real-World Tactics, Techniques, and Procedures for Today’s Application Testing

For Application Security Testing, TrustedSec can analyze any type of web application regardless of the language it is written in.

TrustedSec uses the OWASP Testing Guide for its assessment methodology, and has created and developed solid methodologies for testing any type of application. TrustedSec’s web application testing relies on the use of real-world tactics, techniques, and procedures.


Testing ensures complete coverage of the OWASP Top 10 web application risk categories:

  • A1. Injection
  • A2. Broken Authentication and Session Management
  • A3. Cross-Site Scripting (XSS)
  • A4. Insecure Direct Object References
  • A5. Security Misconfiguration
  • A6. Sensitive Data Exposure
  • A7. Missing Function Level Access Control
  • A8. Cross-Site Request Forgery (CSRF)
  • A9. Using Components with Known Vulnerabilities
  • A10. Unvalidated Redirects and Forwards


Black-Box Testing
Automated web application scanning produces validated results to reduce false positives.

White-Box Testing
Manual and automated source code analysis of the application's code base determines the root cause of issues that could result in exploitation.

Grey-Box Testing
Valid credentials are used during manual testing to gain access to the authenticated inner workings of the application.

Hybrid (White/Grey) Testing
White-Box Testing results are fed into a Grey-Box Test to reduce time and provide an actionable, prioritized list of issues.

Web Services & API Testing
API services are assessed by building attack scenarios against the endpoints provided. This includes both credentialed and uncredentialed testing.

Training
Customizable training is offered: application security awareness and secure software development lifecycle (SDLC) training for managers, and OWASP Top 10 training for developers.

Mobile Apps
We test iOS and Android apps and the back-end services to which they connect.