What is Application Security Testing?
The purpose of this assessment is to evaluate the security of your web application by simulating attacks that identify and exploit its vulnerabilities. Attacks are simulated using a variety of manual techniques supported by automated tools. Our penetration testing methodology goes beyond the detection capability of simple scanning software: it identifies and prioritizes the most vulnerable areas of your web application and recommends actionable remediation.
Web Application Penetration Testing Methodology
KRATIKAL's web application penetration testing methodology covers the vulnerability classes in the Open Web Application Security Project (OWASP) Top 10 2017, including but not limited to: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, and more. Every web application penetration test is conducted consistently against globally accepted, industry-standard frameworks, which Kratikal uses as the foundation for a sound and comprehensive application penetration test.
Kratikal is now empanelled by CERT-In
Kratikal provides a complete suite of Customizable Security Auditing Services.
Industry’s Best Security Standards
Our team of experts uses practices that involve the industry’s best security standards including:
OWASP Secure Coding Guidelines
Error Handling and Logging
General Coding Practices
Authentication and Password Management
SANS25 Secure Coding Guidelines
Out-of-bounds Read
Integer Overflow or Wraparound
Improper Restriction of Operations within the Bounds of a Memory Buffer
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exposure of Sensitive Information to an Unauthorized Actor
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
High Level Test Cases
Test Cases for Black-Box Assessment:
Configuration and Deploy Management Testing
Data Validation Testing
Test Cases for Grey-Box Assessment:
Identity Management Testing
Session Management Testing
Input Validation Testing
Business Logic Testing
Security Testing Methodology
The first phase of a web application penetration test focuses on collecting as much information as possible about the target application. Reconnaissance, also known as Information Gathering, is one of the most critical steps of an application penetration test. It is carried out with public tools (search engines), scanners, simple HTTP requests and specially crafted requests. As a result, the application can often be made to leak information, for example by disclosing error messages or revealing the versions and technologies in use.
Example testing includes: Conduct Search Engine Discovery and Reconnaissance for Information, Search Engine Recon, App Enumeration and App Fingerprinting, Identify app entry points.
Understanding the deployed configuration of the server and infrastructure hosting the web application is nearly as critical as testing the application itself. After all, an application chain is only as strong as its weakest link. Application platforms are wide and varied, but some key platform configuration errors (insecure HTTP methods, old or backup files left on the server) can compromise the application in the same way an insecure application can compromise the server.
Example testing includes: TLS Security, App platform configuration, File Extension Handling, Cross Site Tracing, Test HTTP Strict Transport Security, Test HTTP methods, Test File permissions.
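The two phases above (fingerprinting during reconnaissance, and platform configuration checks such as HSTS and permitted HTTP methods) can be given a concrete defender-side check. The following is an added example, not Kratikal's code: it audits one captured HTTP response for version banners that aid fingerprinting, for a missing or weak Strict-Transport-Security header, and for HTTP methods outside a small allowlist (TRACE being the one that enables Cross Site Tracing). The sample headers and the 180-day minimum max-age are constructed assumptions for the example.

```python
from typing import Dict, List

# Methods a typical content-serving endpoint needs; anything else (TRACE, PUT,
# DELETE, ...) is reported so the tester can confirm it is intentional.
SAFE_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}
MIN_HSTS_MAX_AGE = 15552000  # 180 days; assumed baseline for this example


def parse_hsts(value: str) -> dict:
    """Parse 'max-age=31536000; includeSubDomains' into {'max-age': '31536000', 'includesubdomains': True}."""
    out = {}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        if "=" in directive:
            k, v = directive.split("=", 1)
            out[k.strip().lower()] = v.strip().strip('"')
        else:
            out[directive.lower()] = True
    return out


def audit_response(headers: Dict[str, str], allowed_methods: List[str]) -> List[str]:
    """Return a list of findings for one response; header names match case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # Fingerprinting: a banner containing a version number narrows an attacker's search.
    for banner in ("server", "x-powered-by", "x-aspnet-version"):
        if banner in h and any(ch.isdigit() for ch in h[banner]):
            findings.append(f"version disclosure in {banner}: {h[banner]}")

    # HSTS: missing, too short-lived, or not covering subdomains.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        d = parse_hsts(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age too low: {max_age}")
        if "includesubdomains" not in d:
            findings.append("HSTS does not cover subdomains")

    # Methods reported by the server (e.g. in an Allow header) outside the allowlist.
    for m in allowed_methods:
        if m.upper() not in SAFE_METHODS:
            findings.append(f"unexpected HTTP method enabled: {m.upper()}")
    return findings


# Constructed sample: headers a misconfigured host might return to an OPTIONS probe.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Strict-Transport-Security": "max-age=300",
}
SAMPLE_ALLOW = ["GET", "POST", "TRACE"]

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_ALLOW):
        print("-", finding)
```

Run against the constructed sample the audit reports five findings: two version banners, the short HSTS lifetime, the missing subdomain coverage, and TRACE. A hardened response (generic `Server` value, long `max-age` with `includeSubDomains`, only `GET`) yields none.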
Authentication is the process of attempting to verify the digital identity of the sender of a communication. The most common example is the log-on process. Testing the authentication schema means understanding how the authentication process works and using that information to circumvent the authentication mechanism.
Example testing includes: Weak lockout mechanism, Bypassing the authentication schema, Browser cache weaknesses, Weaker authentication in an alternative channel.
Session Management is the set of all controls governing the stateful interaction between a user and the web application. In general, this covers everything from how user authentication is carried out to what happens when the user logs out.
Example testing includes: Session Fixation, Cross Site Request Forgery, Cookie Management and Session Timeout, Testing for logout functionality.
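The authentication and session management checks listed in the two passages above (weak lockout, session fixation, session timeout, logout) correspond to a handful of server-side controls. The following added example, written for this page and not Kratikal's code, implements them in a small in-memory service: failed logins are counted and the account locks after a threshold, a successful login always issues a fresh session identifier and discards any identifier the client presented before authenticating, idle sessions expire, and logout invalidates the identifier server-side. The thresholds, the user table and the use of plain-text passwords are constructed for brevity; a real deployment stores salted password hashes.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_FAILED_ATTEMPTS = 5        # assumed lockout policy
LOCKOUT_SECONDS = 15 * 60      # how long an account stays locked
IDLE_TIMEOUT_SECONDS = 20 * 60 # inactivity after which a session is dropped


@dataclass
class Session:
    user: str
    last_seen: float


@dataclass
class AuthService:
    # username -> password. Plain text only to keep the example short; real code
    # stores a salted hash (e.g. hashlib.scrypt) and compares against that.
    users: Dict[str, str]
    failures: Dict[str, int] = field(default_factory=dict)
    locked_until: Dict[str, float] = field(default_factory=dict)
    sessions: Dict[str, Session] = field(default_factory=dict)

    def new_session(self, user: str, now: float) -> str:
        # 256 bits from the OS CSPRNG: not guessable, not derived from the user.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = Session(user, now)
        return sid

    def login(self, username: str, password: str, now: float,
              presented_sid: Optional[str] = None) -> Optional[str]:
        """Return a fresh session id on success; None on bad credentials or lockout."""
        if self.locked_until.get(username, 0.0) > now:
            return None
        stored = self.users.get(username, "")
        # Constant-time comparison avoids leaking how many characters matched.
        ok = stored != "" and hmac.compare_digest(stored.encode(), password.encode())
        if not ok:
            n = self.failures.get(username, 0) + 1
            self.failures[username] = n
            if n >= MAX_FAILED_ATTEMPTS:
                self.locked_until[username] = now + LOCKOUT_SECONDS
                self.failures[username] = 0
            return None
        self.failures.pop(username, None)
        # Session fixation defence: never promote a pre-login id to an
        # authenticated one; drop it and issue a new identifier.
        if presented_sid is not None:
            self.sessions.pop(presented_sid, None)
        return self.new_session(username, now)

    def current_user(self, sid: str, now: float) -> Optional[str]:
        """Resolve a session id, enforcing the idle timeout."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT_SECONDS:
            del self.sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        # Invalidate server-side; clearing the cookie alone is not enough.
        self.sessions.pop(sid, None)
```

Time is passed in as a parameter rather than read from the clock so the lockout and timeout behaviour can be exercised deterministically; in a web framework the values come from the request clock and the session id is carried in a cookie flagged `Secure`, `HttpOnly` and `SameSite`.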
Authorization Testing involves understanding how the authorization process works and using that information to circumvent the authorization mechanism. Authorization is a process that comes after successful authentication, so the pen tester verifies this point while holding valid credentials associated with a well-defined set of roles and privileges. The test establishes whether it is possible to bypass the authorization schema, find a path traversal vulnerability, or find ways to escalate privileges.
Example testing includes: Directory Traversal, Privilege Escalation and Bypassing Authorization Controls, Insecure direct object reference.
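The insecure direct object reference and privilege escalation checks above come down to two server-side questions: does the code verify that the caller may access the specific object requested, and does it verify that the caller may perform a privileged action. The following added example (not Kratikal's code) shows an invoice lookup that trusts the request's id next to one that checks ownership or an explicit read-any permission, and a role change that requires a permission rather than trusting the request. The role table, permissions and invoice data are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set


class NotFound(Exception):
    """Raised for both 'no such object' and 'not yours', so the response does not reveal which."""


class Forbidden(Exception):
    """Raised when the caller lacks the permission for a privileged action."""


@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str
    amount_cents: int


# Role -> permissions. Assumed policy for the example.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "user": {"invoice:read_own"},
    "finance": {"invoice:read_own", "invoice:read_any"},
    "admin": {"invoice:read_own", "invoice:read_any", "user:set_role"},
}


class InvoiceService:
    def __init__(self, invoices: Dict[int, Invoice], roles: Dict[str, str]):
        self.invoices = invoices
        self.roles = roles

    def has_permission(self, user: str, perm: str) -> bool:
        return perm in ROLE_PERMISSIONS.get(self.roles.get(user, ""), set())

    def get_invoice_insecure(self, user: str, invoice_id: int) -> Invoice:
        # IDOR: the id comes straight from the request and ownership is never
        # checked, so any authenticated user can read any invoice by changing it.
        return self.invoices[invoice_id]

    def get_invoice(self, user: str, invoice_id: int) -> Invoice:
        inv = self.invoices.get(invoice_id)
        if inv is None:
            raise NotFound(invoice_id)
        # Object-level check: owner, or a role explicitly allowed to read any invoice.
        if inv.owner != user and not self.has_permission(user, "invoice:read_any"):
            raise NotFound(invoice_id)
        return inv

    def set_role(self, actor: str, target: str, new_role: str) -> None:
        # Vertical privilege escalation check: the actor needs the permission,
        # and the requested role must be one the policy actually defines.
        if not self.has_permission(actor, "user:set_role"):
            raise Forbidden(actor)
        if new_role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {new_role!r}")
        self.roles[target] = new_role

    def can_read(self, user: str, invoice_id: int) -> bool:
        """Convenience wrapper used by the checks below."""
        try:
            self.get_invoice(user, invoice_id)
            return True
        except NotFound:
            return False


def demo_service() -> InvoiceService:
    """Constructed data: two users with one invoice each, a finance user and an admin."""
    invoices = {1: Invoice(1, "alice", 4999), 2: Invoice(2, "bob", 12000)}
    roles = {"alice": "user", "bob": "user", "carol": "finance", "dave": "admin"}
    return InvoiceService(invoices, roles)
```

Returning the same "not found" result for a missing invoice and for someone else's invoice keeps a tester (or attacker) from using the response to enumerate which identifiers exist.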
Data Input Validation
The most common web application security weakness is the failure to properly validate input coming
from the client or from the environment before using it. This weakness leads to almost all of the
major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter
injection, locale/Unicode attacks, file system attacks, and buffer overflows.
Example testing includes: Cross Site Scripting, SQL Injection, OS Commanding and Server-Side code injection, Local file inclusion and Remote file inclusion, Buffer overflow.
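Three of the weaknesses named above (SQL injection, file inclusion via an unrestricted path, and cross site scripting) share the root cause the passage describes: client input is used without validation or encoding. The following added example, not Kratikal's code, pairs a query built by string concatenation with its parameterised form, restricts a user-supplied path to an upload directory, and encodes a value for an HTML body context. It uses only the Python standard library and an in-memory SQLite table with constructed rows; the upload directory path is an assumption.

```python
import html
import sqlite3
from pathlib import Path
from typing import List, Optional, Tuple


def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed rows so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Concatenation: the client's string becomes part of the SQL grammar, so a
    # value such as  x' OR '1'='1  turns the WHERE clause into a tautology.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # Parameter binding: the driver passes the value separately from the query
    # text, so it can only ever be compared as data.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def safe_join(base_dir: str, user_path: str) -> Optional[Path]:
    """Resolve user_path under base_dir; None if the result would escape that directory."""
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()   # collapses ../ and absolute paths
    if target != base and base not in target.parents:
        return None
    return target


def render_greeting(name: str) -> str:
    # Output encoding for the HTML body context: <, >, &, and quotes are escaped
    # so the value cannot close the element or start a script.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = setup_db()
    probe = "x' OR '1'='1"
    print("concatenated:", find_user_vulnerable(db, probe))
    print("parameterised:", find_user_safe(db, probe))
    print(safe_join("/srv/uploads", "../../etc/passwd"))
    print(render_greeting("<b>guest</b>"))
```

The same input returns every row through the concatenated query and no rows through the bound one. Note that `safe_join` compares resolved paths on both sides, so symlinks and `..` segments are handled consistently; an allowlist of expected file names is still preferable where the application can enumerate them.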
Testing for Error handling
Often, during a penetration test on web applications, we come up against many error codes generated by applications or web servers. These errors can be made to appear by sending a particular request, either specially crafted with tools or created manually. Such responses are very useful to penetration testers because they reveal a lot about the databases, bugs and other technological components directly linked to the web application.
Example testing includes: Analysis of error codes, Analysis of stack traces.
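The mitigation for what the passage describes is to keep the detail on the server and hand the client only an opaque reference. The following added example (not Kratikal's code) wraps a request handler so that an unhandled exception is logged with its full traceback under a correlation id, while the HTTP response carries a generic message and that id; a `debug_errors` switch reproduces the leaky behaviour for comparison. The failing view and its connection-string message are constructed.

```python
import logging
import traceback
import uuid
from typing import Callable, List, Tuple


class ListHandler(logging.Handler):
    """Collects formatted records in memory so the example can inspect what was logged."""

    def __init__(self) -> None:
        super().__init__()
        self.records: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.records.append(self.format(record))


log = logging.getLogger("example.app")
log.setLevel(logging.ERROR)
log.propagate = False          # keep the sample log out of the root logger
LOG_SINK = ListHandler()
log.addHandler(LOG_SINK)


def handle_request(view: Callable[[], str], debug_errors: bool = False) -> Tuple[int, str]:
    """Run a view and return (status, body); never let an exception reach the client."""
    try:
        return 200, view()
    except Exception:
        error_id = uuid.uuid4().hex[:12]
        # The full traceback goes to the server log, keyed by the reference id, so
        # operators can correlate a user report with the underlying fault.
        log.error("unhandled error ref=%s\n%s", error_id, traceback.format_exc())
        if debug_errors:
            # The leaky behaviour the text describes: stack trace in the response body.
            return 500, traceback.format_exc()
        return 500, f"An internal error occurred. Reference: {error_id}"


def failing_view() -> str:
    # Constructed failure whose message contains internal detail (host name, port).
    raise ConnectionError("connection to db-prod-01:5432 refused")


if __name__ == "__main__":
    print(handle_request(failing_view))
    print(handle_request(failing_view, debug_errors=True)[1].splitlines()[-1])
```

Web frameworks usually expose the same switch as a global debug flag; the test for this finding is simply that production responses never contain the traceback while the server log does.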
Testing for Business logic
There are many examples that could be given, but the one constant lesson is "think outside of conventional wisdom". This type of vulnerability cannot be detected by a vulnerability scanner and relies on the skill and creativity of the penetration tester. It is usually one of the hardest to detect and usually application specific, but at the same time usually one of the most damaging to the application if exploited.
Example testing includes: Integrity checks, Process timing, Upload of unexpected file types, Ability to forge requests.
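Two of the business logic checks above, integrity of request data and upload of an unexpected file type, have direct server-side counterparts. The following added example, not Kratikal's code, signs the fields a server embeds in a form (an item and its price) with an HMAC so a forged request that changes the price is rejected, and accepts an upload only when its extension, its leading bytes (magic number) and the endpoint's allowlist all agree. The secret key, the price fields and the file fragments are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional, Set, Tuple

# Constructed secret for the example; a real deployment loads this from configuration.
FORM_SECRET = b"example-only-not-a-real-secret"


def sign_fields(fields: Dict[str, object]) -> Tuple[str, str]:
    """Serialise server-chosen fields canonically and return (payload, signature)."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(FORM_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload, sig


def verify_fields(payload: str, sig: str) -> Optional[Dict[str, object]]:
    """Return the fields only if the signature matches; None if the payload was altered."""
    expected = hmac.new(FORM_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(payload)


# Leading bytes of the formats this example accepts.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}
EXTENSION_TYPES = {"png": "image/png", "jpg": "image/jpeg",
                   "jpeg": "image/jpeg", "pdf": "application/pdf"}


def sniff_type(data: bytes) -> Optional[str]:
    """Identify a file by content, ignoring the client-supplied name and Content-Type."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def accept_upload(filename: str, data: bytes, allowed: Set[str]) -> bool:
    """Accept only when extension, actual content and the endpoint allowlist agree."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    by_ext = EXTENSION_TYPES.get(ext)
    actual = sniff_type(data)
    return actual is not None and actual == by_ext and actual in allowed


if __name__ == "__main__":
    payload, sig = sign_fields({"item": "SKU-1", "price_cents": 4999})
    print(verify_fields(payload, sig))
    print(verify_fields(payload.replace("4999", "1"), sig))     # tampered -> None
    print(accept_upload("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16, {"image/png"}))
    print(accept_upload("avatar.png", b"<?php echo 1; ?>", {"image/png"}))
```

The signature covers the whole canonical payload, so reordering keys or changing any value invalidates it; the better design is still to re-read the price from the server-side catalogue at checkout and never accept it from the client at all.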
Client-Side testing is concerned with the execution of code on the client, typically natively within a web browser or browser plugin. The execution of code on the client side is distinct from executing on the server.
Example testing includes: redirection, Cross origin resource sharing and Manipulation.
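Redirection and cross origin resource sharing both fail in the same way: the server echoes a client-controlled value (a `next` parameter, an `Origin` header) into a response the browser then acts on. The following added example (not Kratikal's code) validates a post-login redirect target so only same-site paths are honoured, and answers CORS preflight with an exact-match origin allowlist instead of reflecting whatever origin arrives. The allowed origins are an assumption for the example.

```python
from typing import Dict, Optional
from urllib.parse import urlparse

# Assumed allowlist; exact strings, including scheme, so look-alike hosts do not match.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def safe_redirect_target(next_param: Optional[str], default: str = "/") -> str:
    """Honour only a relative path on this site; anything else falls back to default."""
    if not next_param:
        return default
    # Browsers treat a backslash like a slash, and CR/LF in a Location header
    # lets the value inject further headers; refuse both outright.
    if "\\" in next_param or "\r" in next_param or "\n" in next_param:
        return default
    parsed = urlparse(next_param)
    if parsed.scheme or parsed.netloc:
        return default          # absolute URL, javascript: scheme, or //host form
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    return next_param


def cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """Exact-match allowlist; never reflect an arbitrary Origin together with credentials."""
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}               # browser then blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": origin,
        "Vary": "Origin",       # caches must not reuse this answer for another origin
        "Access-Control-Allow-Credentials": "true",
    }


if __name__ == "__main__":
    for candidate in ["/dashboard?tab=1", "//evil.example/x", "https://evil.example",
                      "javascript:alert(1)", "/\\evil.example", "evil.example"]:
        print(repr(candidate), "->", safe_redirect_target(candidate))
    print(cors_headers("https://app.example.com.evil.example"))
```

Substring or prefix checks on the origin (`origin.startswith("https://app.example.com")`) are the usual mistake here; the allowlist above matches the whole string, so `https://app.example.com.evil.example` is rejected.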
A denial of service (DoS) attack is an attempt to make a resource unavailable to its legitimate
users. Traditionally, denial of service (DoS) attacks have been network based: a malicious user floods
a target machine with enough traffic to make it incapable of servicing its intended users. There are,
however, types of vulnerabilities at the application level that can allow a malicious user to make
certain functionality unavailable. These problems are caused by bugs in the
application and often are triggered by malicious or unexpected user input. This phase of testing will
focus on application layer attacks against availability that can be launched by just one malicious
user on a single machine. Not all clients have an appetite for DoS testing, therefore it may not
always be a component of each and every penetration test.
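The application-layer availability problems described above are typically mitigated by bounding how much work a single client can demand. The following added example, written for this page and not Kratikal's code, is a token bucket rate limiter keyed per client, where expensive operations (a report export, a full-text search) can be charged more tokens than a cheap page load; a small constructed burst of requests shows how a single machine's flood is throttled while other clients are unaffected. Capacity and refill rate are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Bucket:
    tokens: float
    last: float


class RateLimiter:
    """Token bucket per client key; 'now' is passed in so behaviour is deterministic."""

    def __init__(self, capacity: int, refill_per_second: float) -> None:
        self.capacity = capacity
        self.refill = refill_per_second
        self.buckets: Dict[str, Bucket] = {}

    def allow(self, key: str, now: float, cost: float = 1.0) -> bool:
        """Charge 'cost' tokens to 'key'; False means the request should be rejected (HTTP 429)."""
        b = self.buckets.get(key)
        if b is None:
            b = Bucket(tokens=float(self.capacity), last=now)
            self.buckets[key] = b
        # Refill proportionally to elapsed time, never beyond capacity.
        elapsed = max(0.0, now - b.last)
        b.tokens = min(float(self.capacity), b.tokens + elapsed * self.refill)
        b.last = now
        if b.tokens >= cost:
            b.tokens -= cost
            return True
        return False


# Cost per endpoint: assumed weights, so one expensive call counts as several cheap ones.
ENDPOINT_COST = {"/": 1.0, "/search": 3.0, "/export": 5.0}


def replay(limiter: RateLimiter, events: List[Tuple[str, float, str]]) -> Tuple[int, int]:
    """Run (client, timestamp, path) events through the limiter; return (allowed, rejected)."""
    allowed = rejected = 0
    for client, ts, path in events:
        if limiter.allow(client, ts, ENDPOINT_COST.get(path, 1.0)):
            allowed += 1
        else:
            rejected += 1
    return allowed, rejected


# Constructed burst: one client hammers /search while another browses normally.
SAMPLE_EVENTS = [("10.0.0.9", 0.0 + i * 0.1, "/search") for i in range(10)] + [
    ("10.0.0.2", 0.5, "/"),
    ("10.0.0.2", 0.9, "/"),
]

if __name__ == "__main__":
    print(replay(RateLimiter(capacity=10, refill_per_second=1.0), SAMPLE_EVENTS))
```

With capacity 10 and weight 3 per search, the flooding client gets three searches through (9 tokens) and is then rejected for the remaining seven, while the second client's two page loads are both served from its own bucket. A real deployment also needs a cap on the number of keys tracked and an eviction policy, otherwise the limiter itself becomes a memory-exhaustion target.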
The reporting step is intended to deliver, rank and prioritize findings and to produce a clear, actionable report, complete with evidence, for the project stakeholders. The presentation of findings can take place in person, the format most conducive to communicating results. At Kratikal, we consider this phase to be the most important and we take great care to ensure we have communicated the value of our service and findings thoroughly.
We use industry-benchmark security testing tools across the IT infrastructure, according to business and technical requirements. Below are a few of the many tools we use:
What Our Clients Say About Us?
"From high level concepts to hands on training, Kratikal's courses provide enough details and depth to allow us to show the skillsets learned immediately after the learning, allowing our employees to see their return on investment."
"In their pentesting results, we came across a few gaps which our teams couldn't have ever identified or spotted. Kratikal made us realize that getting an external perspective into how we are performing can have great benefits."
"The competent experts from Kratikal identified bugs present in our app and helped us in patching all the vulnerabilities found. We are glad that we reached out to Kratikal and opted for their VAPT services."
Vulnerability Assessment and Penetration Testing (VAPT) is a security testing methodology that is composed of two, more specific methods within the same area of focus. The test is undertaken to perform security vulnerability assessment and identify the exploitable security vulnerabilities in your organization’s IT infrastructure.
You may have moved your assets to the cloud, however, that doesn’t mean that your data is 100% secure. Cloud security testing services are crucial to the security assurance of the cloud environment, systems and services.
Yes, Kratikal is counted amongst the top VAPT companies in India. Our cyber security experts provide cyber security consulting services to help you protect your company’s systems, grow your business, and deploy proper security solutions to ensure safe operation.
Some of our valuable customers who have partnered with us.
Kratikal Tech. Pvt. Ltd. is the trusted standard for companies and
individuals acquiring services to protect their brands, business and dignity from baffling