The vulnerability assessment/penetration test will try to unearth vulnerabilities included in the OWASP Top 10 list, the WASC list of threats and other application-level exploits. This will cover:

• Application and server configuration
• Authentication and authorization
• Data validation
• Data privacy and information leakage
• Session management
• Exception handling
• Privilege escalation

The report presented at the conclusion of the assessment will include all the information required by application owners to duplicate and resolve identified issues. When required, AppSec Consulting security consultants will work with application owners and developers to identify optimal solutions.

Vulnerability Assessment vs. Penetration Test
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. Issues identified are usually potential vulnerabilities that may or may not lead to an actual compromise of the system.

Penetration test is the process of evaluating the security of a computer system or network by simulating an attack by a malicious hacker. The process goes further than a vulnerability assessment and involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities and can involve active exploitation of identified security vulnerabilities.

Send us an email to have someone contact you with more information on vulnerability assessments.
You can also use the feedback/enquiry form to get in touch with us.