Application Penetration Testing Methodology

Learn more about our methodology and the steps used in our web application penetration testing engagements

application-penetration-testing-methodology

Each and every web application penetration test is conducted consistently using globally accepted and industry-standard frameworks. This helps makes up our application penetration testing methodology.

In order to ensure a sound and comprehensive application penetration test, RedTeam leverages industry-standard frameworks as a foundation for carrying out penetration tests. At a minimum, the underlying framework is based on the Open Web Application Security Project (OWASP), but goes beyond the initial framework itself.

Web application developers often inadvertently overlook security as they focus on code development, visual design, and app management, which is completely understandable. Through our rigid application penetration testing process, RedTeam will identify weaknesses in your applications so any security vulnerabilities can be addressed. Contact us today at 612-234-7848 to learn more.

Application Penetration Testing Steps

Application-pen-testing-methodology

Reconnaissance

The first phase in a web application penetration test is focused on collecting as much information as possible about a target application. Reconnaissance, aka Information Gathering, is one of the most critical steps of an application pen test. This is done through the use of public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests. As a result, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used.

Example tests include: Error Code Analysis, Fuzzing, Search Engine Recon, App Enumeration and App Fingerprinting

You play an important role in the information-gathering phase of application penetration testing, too.

Learn More About How You Can Help Us Understand The Complexity Of The Application We’ll Be Testing.

Configuration Management

Comprehending the deployed configuration of the server/infrastructure hosting the web application is nearly as critical as the application security testing itself. After all, an application chain is only as strong as its weakest link. Application platforms are wide and varied, but some key platform configuration errors can compromise the application in the same way an unsecured application can compromise the server (insecure HTTP methods, old/backup files).

Example testing includes: TLS Security, Database Listeners, File Extension Handling and Cross-Site Tracing

Authentication Testing

Authentication is the process of attempting to verify the digital identity of the sender of a communication. The most common example of such a process is the logon process. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism.

Example testing includes: Brute Force Testing, User Enumeration, Transport Layer Security

Session Management

Session Management is defined as the set of all controls governing the stateful interaction between a user and the web application he/she is interacting with. In general, this covers anything from how user authentication is carried out, to what happens when they log out.

Example testing includes: Session Fixation, Cross Site Request Forgery, Cookie Management, and Session Timeout.

Authorization Testing

Authorization Testing involves understanding how the authorization process works and using that information to circumvent the authorization mechanism. Authorization is a process that comes after successful authentication, so the pen tester will verify this point after he/she holds valid credentials, associated with a well-defined set of roles and privileges. As a result, it should be verified if it is possible to bypass the authorization schema, find a path traversal vulnerability, or find ways to escalate the privileges.

Example testing includes: Directory Traversal, Privilege Escalation, and Bypassing Authorization Controls.

Data Input Validation

The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross-site scripting, SQL injection, interpreter injection, locale/Unicode attacks, file system attacks, and buffer overflows.

Example tests include: Cross-Site Scripting, SQL Injection, OS Commanding, and Server Side Injection.

Denial-of-Service (Optional)

A denial of service (DoS) attack is an attempt to make a resource unavailable to its legitimate users. Traditionally, denial of service (DoS) attacks has been network based: a malicious user floods a target machine with enough traffic to make it incapable of servicing its intended users. There are, however, types of vulnerabilities at the application level that can allow a malicious user to make certain functionality unavailable. These problems are caused by bugs in the application and often are triggered by malicious or unexpected user input. This phase of testing will focus on application layer attacks against availability that can be launched by just one malicious user on a single machine.

Not all clients have an appetite for DoS testing, therefore it may not always be a component of each and every penetration test.

Web / API Services

Web services have certain elements of exposure just like any other protocol or service. What’s different is that they can be used on HTTP, FTP, SMTP or MQ among other transport protocols. As a result, vulnerabilities in web services are similar to other vulnerabilities, such as SQL injection, information disclosure, and leakage, but web services also have unique XML/parser related vulnerabilities.

Example tests include: Information Gathering, Fuzzing, and Replay Testing

Secure Your Application Today

Schedule a Free Virtual Meeting With Our Cybersecurity Expert

At RedTeam Security, we understand the hard work and level of detail that goes into application development, and it’s easy to miss some security points. Unfortunately, cybercriminals will actively seek to exploit these weaknesses. Our goal is to help your team understand any potential vulnerabilities and identify solutions to ensure your applications are strongest; they can be from a security standpoint. Through the vigorous processes established in our testing methodology, we’ll find any weaknesses. About 80% of our application penetration testing is manual testing, with 20% being automated testing. Schedule your free virtual meeting with a RedTeam Security expert today at 612-234-7848.

Services Datasheet

Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.

RedTeam Security Services Overview Data sheet

Penetration Testing Resources

View all