Web Application Penetration Testing

With the advent of e-commerce, companies are increasingly using the web to promote and sell their products and/or services. The INSIDE Cyber Security Division conducts prevention and safety activities on all the web applications used by companies.

The process involves scanning and monitoring all the sections of the web application, with particular attention to areas protected by usernames and passwords, which, when entered, allow access to the services offered through HTTP or HTTPS protocols.

The work involves the following security fields:

  • Scanning of sensitive data sent via the application and exposed to risk of interception by malicious parties, through an examination of the HTML code, scripts or other information that can be obtained through debugging mechanisms;
  • Thorough analysis of interactive fields between the application and the user to identify any gaps created by (in)voluntarily input;
  • Authentication procedures;
  • Resolution of issues related to a specific session, such as timeouts, logouts, hijacking, logins using unverified addresses, etc.
  • Validation and alterability of data;
  • Execution of commands in unexpected areas of the application, for example, through specific SQL strings, which can lead to the direct manipulation of the database, with the possibility of acquiring, modifying and deleting stored data;
  • Incorrect or inappropriate interactions with the operating system (shell escape).