Security testing is a type of software testing performed to ensure that a system is not vulnerable to hostile actions or attacks, and that its data and functionality are protected from intentional or unintentional intrusion.
The HireTester team provides basic application security testing for companies that want to detect and eliminate vulnerabilities and weaknesses in their solutions.
There is an unlimited number of ways to intrude into a system.
We use the OWASP Top 10 to cover the most common types of system penetration and corruption, and act accordingly.
Ensure that attackers cannot insert untrusted data into a query or a command and penetrate the system.
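The following is an added illustration of this check, not code from HireTester or from any client application. It builds a constructed in-memory SQLite table and puts a query assembled by string concatenation next to the same query written with bound parameters; the tester's probe is a lookup for a user that does not exist, so any rows coming back (or a database error on quote characters) show that the input reached the SQL parser as code rather than as a value.

```python
import sqlite3

# Constructed sample data for the demonstration (not from any real system).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
_conn.executemany(
    "INSERT INTO users (username, email) VALUES (?, ?)",
    [("alice", "alice@example.com"), ("bob", "bob@example.com")],
)
_conn.commit()


def find_user_vulnerable(username):
    """Builds the query by concatenation: untrusted input becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return _conn.execute(sql).fetchall()


def find_user_hardened(username):
    """Parameterized query: the driver passes the input as a value, never as SQL text."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return _conn.execute(sql, (username,)).fetchall()


def injection_check(lookup, probe="x' OR 'a'='a"):
    """Tester's check: look up a user that cannot exist. If any rows come back,
    or the database raises on the quote characters, the input was interpreted as SQL."""
    try:
        rows = lookup(probe)
    except sqlite3.Error:
        return "vulnerable"
    return "vulnerable" if rows else "ok"


if __name__ == "__main__":
    print("concatenated query:", injection_check(find_user_vulnerable))
    print("parameterized query:", injection_check(find_user_hardened))
```

The same pattern applies to any data store or shell command that receives user-controlled text: the remediation is to keep data and command separate through the driver's parameter binding (or the platform's argument-array APIs), not to filter characters.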
Check that the application components responsible for authentication and session management (passwords, keys, session tokens, etc.) are implemented correctly and that users' private data cannot be obtained through them.
Exclude the possibility of injecting foreign data into your application, and verify that input data sent from the application to a web browser is properly validated.
Find direct references to internal implementation objects, such as files, directories, or database keys. Ensure that they are protected and that attackers cannot use them to access any personal data.
Test that all infrastructure components are configured so that attackers cannot corrupt the system or steal data (for example, that default configurations are not left in place).
Ensure that sensitive data, such as credit card numbers, tax IDs, authentication credentials and the like, is sent to the web server over HTTPS and protected by strong encryption algorithms.
Verify that a check for sufficient access rights is performed on every access to a software function.
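Both the direct-object-reference check and the function-level access check above come down to the same question: does the server verify the caller's rights before serving a record or running an operation? The block below is an added example written for this page, not HireTester's or any client's code; the `User` type, the `DOCUMENTS` store and the role names are constructed for the demonstration. It shows a lookup that trusts a guessable id, the ownership check that replaces it, and a decorator that gates an entire function on the caller's role.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # constructed roles: "user" or "admin"


# Constructed sample records: document id -> owner and contents (not from any real system)
DOCUMENTS = {
    101: {"owner": 1, "body": "alice's tax form"},
    102: {"owner": 2, "body": "bob's tax form"},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to reach the object or function."""


def get_document_insecure(doc_id):
    """Direct object reference: whoever can guess an id reads the record."""
    return DOCUMENTS[doc_id]["body"]


def get_document(current_user, doc_id):
    """Object-level check: serve the record only to its owner or an admin.
    Missing and foreign records get the same response so ids cannot be enumerated."""
    record = DOCUMENTS.get(doc_id)
    if record is None or (record["owner"] != current_user.id and current_user.role != "admin"):
        raise Forbidden("document not available")
    return record["body"]


def requires_role(role):
    """Function-level check: refuse the whole operation unless the caller holds `role`."""
    def decorator(func):
        def wrapper(current_user, *args, **kwargs):
            if current_user.role != role:
                raise Forbidden(f"{func.__name__} requires role {role!r}")
            return func(current_user, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("admin")
def delete_document(current_user, doc_id):
    """Administrative operation; the decorator runs before the body is reached."""
    DOCUMENTS.pop(doc_id, None)
    return True
```

The test a reviewer performs mirrors these functions: request another user's record by id, and call an administrative endpoint with an ordinary user's session. Both must be refused by the server, not merely hidden in the user interface.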
Confirm that an attacker cannot make a user's browser send forged HTTP requests to the application, carrying the user's session cookies or other authentication information, in order to perform illegitimate actions.
Check whether the system can be compromised through third-party components with known vulnerabilities, such as libraries, frameworks, etc.
Ensure that during redirects or forwards to other pages and websites the input data is properly validated, so that attackers cannot redirect users to forged or malware-hosting websites.
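One way to implement the redirect validation described above, as an added example rather than HireTester's own code: the allow-list of hosts is a constructed placeholder, and the function accepts only same-site relative paths or absolute URLs whose host is on the list. It uses `urllib.parse` from the standard library and handles the usual edge cases a tester probes (scheme-relative `//host` targets, a backslash after the leading slash, user-info before an `@`, uppercase hosts and explicit ports).

```python
from urllib.parse import urlparse

# Constructed placeholder: hosts the application is allowed to redirect to.
ALLOWED_HOSTS = {"app.example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for a same-site relative path or an http(s) URL to an allow-listed host."""
    if not target:
        return False
    parsed = urlparse(target)
    # Only web schemes may leave the page; anything else is refused outright.
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False
    if parsed.netloc:
        # `hostname` is lowercased and has user-info and port stripped, so
        # "https://app.example.com@evil.example/" resolves to "evil.example" and
        # "https://APP.example.com:8443/" resolves to "app.example.com".
        return parsed.hostname in allowed_hosts
    # Relative target: exactly one leading slash; "//" would be scheme-relative and
    # "/\" is normalized to "//" by some browsers.
    return target.startswith("/") and not target.startswith(("//", "/\\"))


def safe_redirect_target(target, fallback="/"):
    """Helper for a login or logout handler: use the requested target or fall back."""
    return target if is_safe_redirect(target) else fallback
```

Where a redirect parameter is needed at all, keep it to a path and resolve it server-side against the application's own origin; an absolute URL supplied by the client should be accepted only when the host is on an explicit allow-list.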
First, we use automated tools such as Acunetix Web Vulnerability Scanner, Netsparker, Vega Vulnerability Scanner and OWASP Zed Attack Proxy (ZAP) to scan the software and find vulnerabilities.
Then we perform an additional manual check, imitating the actions of intruders, to analyze your application more deeply and rule out the possibility of illegitimate system penetration.
Next, we provide you with a detailed report on the detected vulnerabilities and the level of risk they pose to the application and its users.
After the vulnerabilities have been eliminated and no other threats are detected, we run regression testing and provide you with a final report on basic security.