Web application penetration test
We test your web applications
During a penetration test of your web applications and websites, our hackers manually check whether they contain vulnerabilities.
In doing so, we are primarily guided by the OWASP Top 10.
We do not follow a one-size-fits-all scheme for web app penetration tests. We don't just look at the classic weaknesses, but also take a fresh look at each application so that we can uncover application-specific weaknesses.
What vulnerabilities can a web application contain?
Web applications can contain a wide variety of vulnerabilities. Vulnerabilities that we repeatedly find during our penetration tests are listed below.
- Insecure access controls
- Cryptographic vulnerabilities and errors
- Injection vulnerabilities
- Insecure design
- Vulnerabilities and errors in authentication and identification
- Vulnerabilities and errors in software and data integrity
- Vulnerabilities and errors in security logging and monitoring
- Security misconfigurations
- Server-side request forgery
- Logic errors
Types of web app penetration tests
Web app pen tests can be carried out in different ways. As a rule, the approach differs according to how much information is provided up front, which is the starting point for our IT security analysts.
Black Box - Little to no information
Penetration test of the application without a previously registered user. No additional information is available.
Grey Box - Additional initial information
Access to different users who have different levels of authorisation. This allows us to check more quickly whether endpoints can be accessed by low-privileged users that should be reserved for higher-privileged users.
White Box - Comprehensive information and access to the application, its source code, different users and logging information
The most effective approach: We have access to different users with different rights, as well as to parts of the source code and the logs. This allows us to gain a comprehensive picture of the application's security.
When does a web app pen test make sense for my company?
- You operate an online shop or other web application that makes sensitive data available online for customers, partners or employees.
- Alternatively, you are a developer of web applications and attach great importance to IT security.
- You want to know how to secure your web applications in a targeted and consistent manner.
- You want to know the vulnerabilities of your applications before a data leak occurs.
The colleagues at Laokoon were on hand to answer any questions we had and provided uncomplicated support.
Team Leader Development