Web Application Security Testing involves Red-Team hackers attempting to break into an online application (e.g. an online shop) using the same tools and techniques that a real attacker would use.
Why do it?
Any organisation running insecure applications is vulnerable to attacks such as remote file inclusion, cross-site scripting and SQL injection. These allow a hacker to obtain information such as credit card details, and also to manipulate the application for their own benefit. This is usually the most common entry point for compromising servers: by taking advantage of design and development flaws, hackers gain access to the application and use it maliciously.
Red-Team Approach
Red-Team uses both automated and manual methods for exploiting web applications. This area of attack requires our experts to be at their most creative. More than 50% of the total server compromises we find come from hacking web applications.
We use guidelines from OWASP and the OSSTMM to attempt to compromise application code and force it to carry out actions outside its usual operational constraints. This may include hidden field manipulation, SQL injection, parameter manipulation, cross-site scripting, and/or password brute forcing.