Almost all organization has their websites. It can either be their corporate website, customer portal, webmails and etc. Most of the applications are built with workability, business flow and customer experience in mind. However, due to lack of awareness of secure coding practices, it often results the application to be a risk to the organization.
Firmus approach to web application testing would be in two areas which are authenticated and non-authenticated testing. This is to ensure we cover all the pages that are available on the website from a user and non-user perspective. Vulnerabilities such as SQL Injection, Cross Site Scripting, Directory Traversal and many more can be find by performing this web application penetration testing. By using a popular methodology for Web Application Penetration Testing called OWASP, Firmus makes sure that almost all aspect of the web application is being checked and verified. Handholding the customer during the period of remediation is one of our policy after we have submitted our findings to ensure all vulnerabilities that were found are closed and verified.