Security testing


Verify your application security with HireTester!

Security Testing is a type of software testing performed to ensure that a system is not vulnerable to hostile actions or attacks, and that its data and functionality are protected from intentional or unintentional intrusions.

There is no limit to the number of ways a system can be intruded upon. The HireTester team tests the basic level of application security.

We use the OWASP Top 10 to cover the most common classes of system penetration and compromise, and plan our testing accordingly.

What We Do During Security Testing

Injection

Ensure that attackers cannot insert untrusted data into a query or a command and use it to penetrate the system.
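To make the injection check concrete, here is an added example (not code from the original page or from HireTester) showing the defect a tester looks for beside its fix: the same login query built by string formatting and by parameter binding. The in-memory table, the user names and the passwords are constructed for the demonstration; passwords are kept in clear text only to keep the example short.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database; a real test targets the application's own."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_unsafe(conn, name, password):
    """Untrusted input is spliced into the SQL text, so quote characters in the
    input change the structure of the statement instead of being compared as data."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, name, password):
    """Parameter binding: the statement text is fixed and the driver passes the
    values separately, so the input can only ever be compared as a literal string."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def compare(name, password):
    """Run both variants on the same input; returns (unsafe_result, safe_result)."""
    conn = make_db()
    return login_unsafe(conn, name, password), login_safe(conn, name, password)


if __name__ == "__main__":
    # A quote in the password field turns the unsafe query into a tautology; the
    # parameterised query treats the same text as an ordinary (non-matching) value.
    print(compare("alice", "s3cret"))          # both accept the real credentials
    print(compare("nobody", "' OR '1'='1"))    # unsafe accepts, safe rejects
```

The point for a tester is the difference in the second call: a finding is confirmed when input that is not a valid credential still passes, and the remediation is the second function, not input filtering.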

Broken authentication and session management

Check whether the application components responsible for authentication and session management (passwords, keys, session tokens, etc.) are implemented correctly, and that users' private data cannot be obtained through them.

Cross Site Scripting (XSS)

Rule out the possibility of inserting foreign data into your application, and verify that the data the application sends to a web browser is properly validated and encoded.

Insecure Direct Object References

Find direct references to internally implemented objects, such as files, directories, or database keys. Ensure that they are protected and that attackers cannot use them to access anyone else's personal data.

Security Misconfiguration

Test whether all infrastructure components are configured so that attackers cannot corrupt the system or steal data (for example, that default configurations are not in use).

Sensitive Data Exposure

Ensure that sensitive data, such as credit card numbers, tax IDs, and authentication credentials, is sent to the web server over HTTPS and protected by strong encryption algorithms.

Missing Function Level Access Control

Verify that a check for sufficient access rights is performed before every software function is executed.
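The two preceding checks, Insecure Direct Object References and Missing Function Level Access Control, are both authorization checks, so one added example (not code from the original page or from HireTester) covers them: an object-level ownership check on an invoice lookup and a role check that runs before an admin-only function. The `User` class, the invoice store, the role names and the `Forbidden` exception are constructed for the illustration.

```python
import functools


class Forbidden(Exception):
    """Raised when the caller lacks rights for the object or function requested."""


class User:
    def __init__(self, user_id, roles=()):
        self.user_id = user_id
        self.roles = frozenset(roles)


def make_store():
    """Constructed sample data: invoice id -> owner id and amount."""
    return {101: {"owner": 1, "total": 250}, 102: {"owner": 2, "total": 99}}


def require_role(role):
    """Function-level access control: the role check runs before the function body,
    so a user who merely knows the URL or function name still cannot invoke it."""
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(current_user, *args, **kwargs):
            if role not in current_user.roles:
                raise Forbidden(f"{fn.__name__} requires role {role!r}")
            return fn(current_user, *args, **kwargs)
        return wrapper
    return decorator


def get_invoice(current_user, store, invoice_id):
    """Object-level check: a valid id is not proof of entitlement. The caller must
    own the invoice or hold the admin role. Missing and foreign invoices get the
    same answer so the endpoint cannot be used to enumerate which ids exist."""
    invoice = store.get(invoice_id)
    if invoice is None or (invoice["owner"] != current_user.user_id
                           and "admin" not in current_user.roles):
        raise Forbidden(f"invoice {invoice_id} is not accessible to user {current_user.user_id}")
    return invoice["total"]


@require_role("admin")
def delete_invoice(current_user, store, invoice_id):
    """Admin-only function; the decorator enforces the role on every call path."""
    return store.pop(invoice_id, None) is not None


def outcome(fn, *args):
    """Helper so callers can observe a denial as a value instead of an exception."""
    try:
        return fn(*args)
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    alice, admin = User(1, {"user"}), User(9, {"admin"})
    print(outcome(get_invoice, alice, make_store(), 101))     # 250: her own invoice
    print(outcome(get_invoice, alice, make_store(), 102))     # forbidden: someone else's
    print(outcome(delete_invoice, alice, make_store(), 101))  # forbidden: not an admin
    print(outcome(delete_invoice, admin, make_store(), 101))  # True
```

During a test, the IDOR case is the second call: changing only the id in an otherwise identical request must not return another user's record. The function-level case is the third: the admin operation must refuse a non-admin even when the request is otherwise well formed.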

Cross Site Request Forgery (CSRF)

Confirm that an attacker cannot cause a victim's browser to send a forged HTTP request, carrying the victim's session cookies or other authentication information, to the web application.
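As an added example of the defence a CSRF check verifies (not code from the original page or from HireTester), the following simulates a state-changing POST handler that refuses requests carrying only the session cookie and accepts them only with a session-bound synchronizer token, plus an `Origin` header check as a second layer. The server secret, the site origin, the session ids and the dict-shaped request object are constructed assumptions standing in for a real framework.

```python
import hashlib
import hmac
import secrets

# Constructed values: a real application loads the secret from configuration
# and knows its own origin.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://app.example"


def issue_csrf_token(session_id, secret=SERVER_SECRET):
    """Synchronizer token bound to the session: random nonce plus HMAC over
    (session, nonce). It is embedded in the site's own forms, which a page on a
    foreign origin cannot read."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, secret=SERVER_SECRET):
    """Recompute the MAC for this session's nonce and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_transfer(request, secret=SERVER_SECRET):
    """Simulated state-changing handler. `request` is a dict with 'headers',
    'cookies' and 'form' keys (constructed stand-in for a framework request)."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return 401, "not logged in"
    # The browser attaches the session cookie to any request, including one a
    # foreign page triggers, so the cookie alone proves nothing about intent.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request refused"
    # The token must arrive in the body or a custom header, never in a cookie.
    if not verify_csrf_token(session_id, request["form"].get("csrf_token"), secret):
        return 403, "csrf token missing or invalid"
    return 200, "transfer accepted"


if __name__ == "__main__":
    token = issue_csrf_token("s1")
    good = {"headers": {}, "cookies": {"session": "s1"}, "form": {"csrf_token": token}}
    forged = {"headers": {}, "cookies": {"session": "s1"}, "form": {}}
    print(handle_transfer(good))    # (200, 'transfer accepted')
    print(handle_transfer(forged))  # (403, 'csrf token missing or invalid')
```

Binding the MAC to the session id means a token issued to one session is rejected when replayed with another session's cookie, which is the case a tester checks after confirming that a request without any token is refused.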

Using Components with Known Vulnerabilities

Check whether the system can be compromised through third-party components, such as libraries and frameworks, that contain well-known weaknesses.

Unvalidated Redirects and Forwards

Ensure that during redirects or forwards to other pages and websites the input data is properly validated, so that attackers cannot redirect users to forged or malicious websites.
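The validation this check looks for is shown in the following added example (not code from the original page or from HireTester): a function that accepts a `next` parameter only when it is a site-local path or an absolute URL to an allow-listed host, and otherwise falls back to a fixed destination. The allowlist and the fallback are constructed assumptions. It goes slightly beyond the one-sentence description above by covering the parser edge cases a tester probes, such as protocol-relative URLs, extra leading slashes, userinfo tricks and non-HTTP schemes.

```python
from urllib.parse import urlparse

# Constructed allowlist of hosts this application may redirect to.
ALLOWED_HOSTS = {"app.example", "www.app.example"}


def safe_redirect_target(next_url, fallback="/", allowed_hosts=ALLOWED_HOSTS):
    """Return next_url if it is a safe redirect destination, otherwise fallback."""
    if not next_url:
        return fallback
    # Control characters, whitespace and backslashes are parsed inconsistently by
    # browsers (e.g. "/\\host" may be read as "//host"), so refuse them outright.
    if any(ch in next_url for ch in "\r\n\t \\"):
        return fallback
    parts = urlparse(next_url)
    if parts.scheme:
        # Absolute URL: only http(s), and only to a host we explicitly allow.
        # hostname already strips userinfo, so "https://app.example@other/" is
        # judged by the real host "other".
        if parts.scheme not in ("http", "https") or parts.hostname is None:
            return fallback
        return next_url if parts.hostname in allowed_hosts else fallback
    if parts.netloc:
        # Protocol-relative ("//host/...") keeps the scheme but changes the host.
        return next_url if parts.hostname in allowed_hosts else fallback
    # Relative path: must begin with exactly one slash. "///host" has an empty
    # netloc for urlparse but browsers resolve it to a different host, so the
    # check is made on the raw string rather than on parts.path.
    if not next_url.startswith("/") or next_url.startswith("//"):
        return fallback
    return next_url


if __name__ == "__main__":
    for candidate in ["/account", "https://app.example/home",
                      "//other.example/x", "///other.example",
                      "https://app.example@other.example/", "javascript:void(0)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

The design choice worth noting is the allowlist: a denylist of known bad hosts or of the string "http" cannot keep up with the encodings and parser differences above, whereas a fixed set of permitted hosts plus a strict definition of "local path" leaves nothing for the attacker to negotiate with.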

Multi-Level Approach to Security Testing

Software scanning

First, we use automated tools such as Acunetix Web Vulnerability Scanner, Netsparker, Vega Vulnerability Scanner, and OWASP Zed Attack Proxy (ZAP) to scan the software for vulnerabilities.

Deeper check

Then we perform an additional manual check, imitating the actions of an intruder, to analyze your application more deeply and rule out the possibility of unauthorized system penetration.

Detailed reporting

Next, we provide you with a detailed report on the detected vulnerabilities and the level of danger they pose to the application and its users.

Regression testing

After the vulnerabilities have been eliminated, and if no other threats remain, we run regression testing and provide you with a final report on basic security.