Visit MTI France Website Visit MTI
France »

Visit MTI Germany Website Visit MTI
Germany »

Home   Security   Penetration Testing   Web Application Testing

Web Application Testing

Web Application testing evaluates the security behavior of interactive web sites ranging from applications used as eCommerce and extranet services through to sites offering simple fill-in "Contact Us" forms.

MTI Web Application Testing: Overview

MTI have developed an extensive Web Application testing methodology that is based on the OWASP Top Ten but also goes above and beyond this to incorporate many bespoke testing methodologies that our consultants have designed over many years of carrying out these types of test.

As trusted experts, MTI examine what is predominantly accessed over HTTP or HTTPS and attempt attacks that the traditional network firewall isn't designed to protect against. Interactive extranet and eCommerce applications can take thousands of man hours to code and are often very complex. Whilst some automated tools can find some issues, no web application can be reliably and fully tested using automated tools only and they require testing by experienced consultants.

Depending on the application, we perform appropriate testing in the following areas:

  • Authentication
  • Authorisation
  • Account Management
  • Session Management
  • Cross Site Request Forgery (CSRF)
  • Encryption
  • Hidden field manipulation
  • SQL and Script injection attacks
  • Meta character stripping
  • Parameter tampering
  • Forceful browsing
  • Form posting vulnerabilities
  • Character bounds checks
  • Buffer overflow checks
  • Cross-site scripting
  • Source code disclosure
  • Back doors and debugging options
  • Past errors disclosed (incl. Google diving)
  • Newsgroup searches for information and technicians' query disclosures
  • Third-party mis-configurations and insecure default configuration settings
  • Known software vulnerabilities
  • Code Reviews

Next Steps...

If you would like more information regarding Web Application Testing, please contact the MTI penetration testing team to discuss your requirements.

Want to know more?


Email us or call now on +44 (0)1483 520 200




Call Me Back...