Security Testing

Verify application security with HireTester!


Security Testing is a type of software testing performed to ensure that a system is not vulnerable to hostile actions or attacks, and that its data and functionality are protected from intentional or unintentional intrusion.

The HireTester team provides basic-level application security testing for companies that want to detect and eliminate vulnerabilities and weaknesses in their solutions.

There is an unlimited number of ways to intrude into a system.
We use the OWASP Top 10 (the 2013 edition, whose ten categories are listed below) to cover the most common classes of web application attack, and test accordingly.

What we do while testing vulnerabilities

Injection

Ensure that attackers cannot inject untrusted data into a query or command (SQL, OS command, LDAP, etc.) in a way that changes its meaning and lets them read or modify data or compromise the system.
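The check behind this item, as an added example that is not HireTester's code: the same lookup written with string concatenation, which lets a classic tautology payload widen the WHERE clause, and with a bound parameter, which keeps the payload as a literal value. The table, rows and payload are constructed for illustration.

```python
"""Added example: SQL injection, vulnerable query beside its parameterized fix.

Not HireTester code; the schema, data and payload are constructed for
illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with a few constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("carol", "carol@example.com"),
        ],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the attacker-controlled string becomes part of the SQL text."""
    sql = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """FIXED: the value is bound as a parameter and cannot change the query structure."""
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed payload: turns "WHERE username = ''" into "WHERE username = '' OR '1'='1'"
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run both versions against the same payload and a legitimate username."""
    conn = make_db()
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, PAYLOAD)),  # every row leaks
        "safe_rows": len(find_user_safe(conn, PAYLOAD)),  # no user has that literal name
        "legit_rows": len(find_user_safe(conn, "alice")),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable variant returns all three rows for the payload; the parameterized one returns none, while still finding a real user by name.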

Broken authentication and session management

Check that the application components responsible for authentication and session management (passwords, keys, session tokens, etc.) are implemented correctly, so that attackers cannot compromise credentials or hijack sessions to reach users' private data.

Cross Site Scripting (XSS)

Verify that untrusted input is validated when it enters the application and properly escaped when the application sends it to a web browser, so that an attacker cannot get their own script executed in a victim's browser.


Insecure Direct Object References

Find direct references to internal objects, such as files, directories or database keys, that are exposed in URLs or request parameters. Ensure that each access is authorized, so that attackers cannot change a reference to reach another user's data.

Security Misconfiguration

Test that all infrastructure components (web server, application server, framework, database, platform) are securely configured: default accounts and settings are changed, unneeded features are disabled and security patches are applied, so that attackers cannot compromise the system or steal data.


Sensitive Data Exposure

Ensure that sensitive data, such as credit card numbers, tax IDs and authentication credentials, is sent to the web server over HTTPS and protected, in transit and at rest, by strong, current cryptographic algorithms.

Missing Function Level Access Control

Verify that the server checks the user's access rights before executing every function, rather than relying on links or buttons being hidden in the user interface.
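Both the Insecure Direct Object References item and the Missing Function Level Access Control item above come down to the same server-side question: is this caller allowed to touch this object with this function? The following added example (not HireTester's code) shows a read that leaks another user's record when the object reference is not checked, and an admin-only delete that any user can call when the role is not re-checked on the server, each beside its fixed form. The users, roles and invoice records are constructed.

```python
"""Added example: object-level (IDOR) and function-level authorization checks.

Not HireTester code; the users, roles and invoice records are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # constructed roles: "user" or "admin"


# Constructed data store: invoice id -> (owner user id, amount)
INVOICES = {101: (1, 120.0), 102: (2, 75.5), 103: (2, 9.99)}


def get_invoice_vulnerable(current: User, invoice_id: int):
    """VULNERABLE (IDOR): any authenticated user can fetch any invoice by guessing its id."""
    return INVOICES[invoice_id]


def get_invoice_safe(current: User, invoice_id: int):
    """FIXED: confirm the referenced object belongs to the caller before returning it."""
    record = INVOICES.get(invoice_id)
    if record is None:
        raise KeyError(invoice_id)
    owner_id, _ = record
    if owner_id != current.id and current.role != "admin":
        raise PermissionError(f"user {current.id} may not read invoice {invoice_id}")
    return record


def delete_invoice_vulnerable(current: User, invoice_id: int, store: dict) -> bool:
    """VULNERABLE (missing function-level access control): the admin-only action is
    'protected' only by not showing the button to ordinary users."""
    return store.pop(invoice_id, None) is not None


def delete_invoice_safe(current: User, invoice_id: int, store: dict) -> bool:
    """FIXED: the server re-checks the role on every call, whatever the UI shows."""
    if current.role != "admin":
        raise PermissionError(f"user {current.id} (role {current.role}) may not delete invoices")
    return store.pop(invoice_id, None) is not None


def demo() -> dict:
    """Exercise each variant as an ordinary user, then as an admin."""
    alice = User(id=1, role="user")
    root = User(id=9, role="admin")
    results = {}
    results["idor_leak"] = get_invoice_vulnerable(alice, 102)  # Bob's invoice leaks
    try:
        get_invoice_safe(alice, 102)
        results["idor_blocked"] = False
    except PermissionError:
        results["idor_blocked"] = True
    results["own_invoice"] = get_invoice_safe(alice, 101)
    store = dict(INVOICES)
    results["unauth_delete"] = delete_invoice_vulnerable(alice, 103, store)
    store = dict(INVOICES)
    try:
        delete_invoice_safe(alice, 103, store)
        results["delete_blocked"] = False
    except PermissionError:
        results["delete_blocked"] = True
    results["admin_delete"] = delete_invoice_safe(root, 103, store)
    return results


if __name__ == "__main__":
    print(demo())
```

A tester checks these two items by replaying a legitimate request with another user's identifier substituted, and by calling the privileged endpoint directly from a low-privilege session.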

Cross Site Request Forgery (CSRF)

Confirm that an attacker cannot make a logged-in victim's browser send forged HTTP requests, carrying the victim's session cookie or other automatically attached credentials, that the application accepts as legitimate.
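The standard defense for this item is a synchronizer token: a per-session secret embedded in the legitimate form that a cross-site page cannot read. As an added example (not HireTester's code), the handler below is shown accepting a forged request on the strength of the cookie alone, and then rejecting it once the token is required. The session store and request dictionaries are constructed stand-ins for a framework's session and request objects.

```python
"""Added example: synchronizer-token CSRF protection for a state-changing request.

Not HireTester code; the session store and request dicts are constructed stand-ins
for a web framework's session and request objects.
"""
import hmac
import secrets

SESSIONS: dict = {}  # constructed: session id -> session data


def start_session() -> str:
    """Create a session and issue a fresh, unpredictable CSRF token for it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": "alice", "csrf": secrets.token_urlsafe(32)}
    return sid


def render_form(sid: str) -> str:
    """The legitimate page embeds the token in a hidden field; a cross-site page cannot read it."""
    token = SESSIONS[sid]["csrf"]
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def transfer_vulnerable(request: dict) -> str:
    """VULNERABLE: accepts any POST carried by a valid session cookie, so a page on
    attacker.example can submit this form from the victim's browser."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


def transfer_safe(request: dict) -> str:
    """FIXED: the request must also carry the per-session token, compared in constant time."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return "401 not logged in"
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):
        return "403 csrf token missing or invalid"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


def demo() -> dict:
    """Send a constructed forged request and a constructed legitimate one to both handlers."""
    sid = start_session()
    # Forged request: the browser attaches the cookie automatically, but the
    # attacker's page has no way to learn the token.
    forged = {"cookies": {"sid": sid}, "form": {"amount": "1000", "to": "mallory"}}
    # Legitimate request: the token comes from the form the site itself rendered.
    token = render_form(sid).split('value="')[1].rstrip('">')
    legit = {
        "cookies": {"sid": sid},
        "form": {"amount": "10", "to": "bob", "csrf_token": token},
    }
    return {
        "forged_vulnerable": transfer_vulnerable(forged),
        "forged_safe": transfer_safe(forged),
        "legit_safe": transfer_safe(legit),
    }


if __name__ == "__main__":
    print(demo())
```

The test for this item is to strip or alter the token (or to replay a request captured from another session) and confirm the server refuses the action.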

Using Components with Known Vulnerabilities

Check whether the system can be compromised through third-party components, such as libraries and frameworks, that contain publicly known vulnerabilities.

Unvalidated Redirects and Forwards

Ensure that the target of every redirect or forward is properly validated, so that attackers cannot use the application to send users to phishing or malware websites.
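An added example of the validation this item calls for (not HireTester's code): a post-login redirect that passes the `next` parameter straight through, beside a version that accepts only same-site paths or HTTPS URLs to an allowlisted host. The allowed host and the sample targets are constructed; the awkward ones (protocol-relative `//host`, backslashes, credentials in the authority, a look-alike subdomain) are the inputs a tester tries first.

```python
"""Added example: validating a post-login redirect target against an open redirect.

Not HireTester code; the allowed host and the sample targets are constructed.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # constructed allowlist of our own hosts
DEFAULT = "/"


def redirect_vulnerable(next_url: str) -> str:
    """VULNERABLE: trusts the attacker-controlled parameter as the Location target."""
    return next_url or DEFAULT


def redirect_safe(next_url: str) -> str:
    """FIXED: accept only same-site targets; fall back to a fixed default otherwise."""
    if not next_url:
        return DEFAULT
    # Browsers treat "\" like "/" and "//host" as protocol-relative; CR/LF could
    # split the header. Reject all of these before parsing.
    if any(c in next_url for c in "\\\r\n") or next_url.startswith("//"):
        return DEFAULT
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        # Absolute URL: allow only https to an exactly matching allowlisted host.
        # Exact matching also defeats "app.example.com.evil.example" and
        # "app.example.com@evil.example" tricks.
        if parts.scheme == "https" and parts.netloc in ALLOWED_HOSTS:
            return next_url
        return DEFAULT
    # Relative target: require a path that starts at our site root.
    if not parts.path.startswith("/"):
        return DEFAULT
    return next_url


def demo() -> dict:
    """Run a set of constructed redirect targets through both versions."""
    samples = [
        "/account?tab=1",
        "https://app.example.com/dashboard",
        "//evil.example/",
        "https://evil.example/",
        "https://app.example.com.evil.example/",
        "https://app.example.com@evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
    ]
    return {s: (redirect_vulnerable(s), redirect_safe(s)) for s in samples}


if __name__ == "__main__":
    for target, (vuln, safe) in demo().items():
        print(f"{target!r:45} vulnerable -> {vuln!r:45} safe -> {safe!r}")
```

Only the first two targets survive the hardened check; everything else falls back to the site root.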

Multi-level Approach to Security Testing

SOFTWARE SCANNING

First, we use automated tools such as Acunetix Web Vulnerability Scanner, Netsparker, Vega Vulnerability Scanner and OWASP Zed Attack Proxy (ZAP) to scan the software for vulnerabilities. Scanners find common, well-known issues quickly; business logic and authorization flaws are left for the manual phase.

DEEPER CHECK

Then we perform an additional manual check, imitating the actions of an intruder, to analyze your application more deeply and find the issues that automated scanning misses.

DETAILED REPORTING

Next, we provide you with a detailed report on the detected vulnerabilities and their severity for the application and its users.

REGRESSION TESTING

After the vulnerabilities have been fixed, we re-test to confirm that the fixes hold and that no new issues have been introduced, and provide you with a final report on basic security.

Need a tester for your project?
Contact HireTester — get the right people involved!

