The test involves attempting a real attack on web applications in order to assess their vulnerability to intrusion and verify that the server configuration complies with good IT security practices.
Scope of work:
- Scanning for vulnerabilities with professional software
- Verifying the web server configuration: returned headers, technologies in use along with their versions, available directories
- Attempting to enumerate and break the security of user accounts
- Verifying the SSL/TLS security level for data transmitted via the SSL protocol
- Checking threats to the availability, confidentiality and integrity of processed information
- Thorough testing of the application using approximately 100 tests defined in the OWASP Testing Guide v4
Execution method:
- An external test of one IP address / one web application
- A short summary report in Polish, with attachments in English containing the output of the tools used
Benefits:
- Reliable and objective information on the current security status of the web application
- A ready set of recommendations for eliminating threats, together with a recommendation for their implementation
- Effective spending of budgetary funds by directing investments to areas that really require improvement and reducing security management costs through effective, proactive identification and assessment of threats
- Enhancing the accuracy of business decisions through a precise understanding of the organization’s security status
- Minimizing the risk of reputational damage caused by information leaks and potential legal consequences
Additional information:
- The actions carried out will be documented together with a recommendation of the required actions