Application Security Testing

OVERVIEW

Web and mobile applications are the primary entry point for attackers. These apps are often left vulnerable due to factors like enormous pressure on development teams to meet deadlines, vulnerable third-party APIs, insecure platform usage and a lack of secure coding methodologies.

Kratikal offers Vulnerability Assessment and Penetration Testing services for web and mobile applications to find security loopholes, authentication flaws and zero-day vulnerabilities in your application. We adhere to international standards like OWASP, OSSTMM and SANS to perform an in-depth assessment of your applications.


ADVANTAGES

Proactive reporting of critical vulnerabilities.

Prevent breaches of confidential information like customer details, bank account details, server credentials and other Personally Identifiable Information (PII) through the application.

Prevent unauthorised use of flawed business logic, which could lead to loss of revenue, trust and brand value.

Prevent inadvertent data loss due to vulnerable APIs and improper platform and framework usage.


HOW IT WORKS

We follow universal testing standards like OWASP, OSSTMM and SANS for comprehensive security assessments.


Information Gathering:
In this stage we perform detailed reconnaissance of the application, its architecture, features and security controls. Certain inputs are also sought from the development team.

Planning and Analysis:
Based on the information collected in the previous stage, we analyse the possible attack points and devise a full-scale "Red Team" approach to mimic real-world attacks. To minimise the impact on the day-to-day activities of the IT asset, we plan the attack either on a dummy environment or during times of lowest network activity (lowest traffic).

Vulnerability Assessment:
In this stage, we run vulnerability scanners to look for known and common vulnerabilities related to the platform, APIs, technology framework, etc.

Penetration Testing:
Here we run exploits against the application to evaluate its security. We use custom scripts, open-source exploits and in-house tools to achieve a high degree of penetration. We have over 200 test cases for web and mobile applications. Some test cases are general to all applications; others are specific to the domain of the application, such as E-Commerce, Payment, Consumer Internet, Telecom and Healthcare.

Reporting:
We generate concise reports of the vulnerabilities discovered, along with a discussion of the nature of each vulnerability, its impact, its threat level and recommendations for remediating it.