Web Application Testing
Penetration testing is a standard test Signal Networks conducts when running web application tests. Penetration testing is a full audit of a company’s external visibility, whereas web application testing audits web servers specifically. Some companies may not require a full audit of their system, only of their web servers; this is where the two differ.
Many applications are vulnerable to attack because application developers do not consistently employ secure coding practices. The following attack types can be considered significant threats:
- Cross Site Scripting (XSS)
- SQL injection flaws
- OS command injections
- Site reconnaissance
- Session hijacking
- Application denial of service
- Malicious probes/crawlers
- Cookie/session tampering
- Path traversal
Online Web-based applications are increasingly at risk from professional hackers who target such applications in order to commit data theft or fraud. Being compromised can damage an enterprise’s reputation, result in loss of customers and impact the organisation’s bottom line.
In addition, companies that transact online are faced with a host of growing industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), which mandates that all enterprise and Web applications handling credit card and account information must undergo an extensive and costly audit of custom application code. The alternative way to satisfy PCI DSS compliance is simply to install a Web application firewall.
The combination of these factors, along with banking industry PCI DSS compliance concerns, creates demand for a more technologically effective and cost-effective risk protection solution for online Web applications.
Ideally, every Web application should be tested to ensure that it will work perfectly on every browser that might access it. But with the fragmentation of the browser market and the increasing importance of the very fluid world of mobile platforms, that’s a practical impossibility. Still, you can come closer than you might think. You can use a wide array of tools for cross-platform Web testing. Whether you have the resources for a workstation with several virtualised OSes, or can only run your application through a hosted service, you have the capacity to see how your application will work in different user environments—and you owe it to your users to make it work as well as you can in as many places as you can.