Institutions develop web applications using many software languages. In addition, institutions provide their web application development needs with third party companies. When today's attacks are examined and analyzed, we see that most of the attacks from the outside to the inside are carried out using security vulnerabilities in web applications. With this service, we perform web applications penetration tests by using international methodological approaches for web applications developed by institutions, either by themselves or by third-party companies. Web applications penetration tests can be carried out for web applications belonging to the institution both in the internal network of the institution and another location (DMZ, cloud, data centers etc.). With this test method, penetration tests are performed on applications within the organization or on an external network, entry points are determined, and tests are carried out together with switching tests to other systems. The findings determined at the end of the tests and the removal methods of these findings are presented to the institution in the form of a report. It is tried to determine the durability of web applications according to the following types of vulnerabilities.
The Web Application Penetration Test service consists of the following tests.
- Data collection
- Configuration Management Tests
- Authorization Tests
- Session Management Tests
- Authentication Tests
- Data Evaluation Tests