Panacea InfoSec

Application Penetration Testing Overview

An Application Penetration Test is an ethical attack simulation that is intended to expose the effectiveness of an application's security controls by highlighting risks posed by actual exploitable vulnerabilities. The Penetration Test model is built around a manual testing process. This process is intended to go much further than the generic responses, false positive findings and lack of depth provided by automated application assessment tools.

Top Vulnerabilities Identified by Panacea InfoSec Application Penetration Testing

Input Validation
Cross Site Scripting
SQL Injection
Cookie Modification
Code Execution
Buffer Overflow
URL Manipulation
Hidden Variable Manipulation
Authentication Bypass
Other Common Software Attacks

Using our methods, Panacea is able to demonstrate actual exploitable vulnerabilities within an application. The testing results are provided as a detailed deliverable with tactical and strategic recommendations that are actionable and advisory in nature. This practice aids clients in pinpointing flaws and mitigating the risk of compromise.

The results of every Application Penetration Test include complete details on application security issues, exploitation results, and both tactical and strategic recommendations.

Application Penetration Testing Specialties

Web-Based Application Penetration Testing

The increased use of varied Web applications to handle confidential data is a concern for many organizations. While the comfortable interface of a Web-based application is certainly convenient, it is accompanied by an increased risk. Using Panacea InfoSec to conduct an application penetration test on Web-based applications provides clients with a comprehensive penetration test of the entire application environment. These applications can be internally or externally facing, requiring either onsite or offsite (remote) testing by our team of application security experts.

Thin Client Application Penetration Testing

While Web-based applications garner much more of the security industry's attention, thin client application security is no less important. Using Panacea InfoSec to conduct testing of thin client applications provides clients with a comprehensive test and exposes risks associated with these types of applications.

Thick Client Application Penetration Testing

Just as thin clients are often overlooked, thick client applications are often ignored during security testing. Limited or no reliance on a server does not eliminate risk of data compromise. Panacea InfoSec routinely provides testing of all types of thick client applications — ranging from mission-critical business applications to video games.

Secure Development Training

Internal developers creating applications are not always aware of current security risks, vulnerabilities or exploits. As a supplement to performing code review, Panacea InfoSec provides a customized training class to an organization's developers based upon industry best practices and the results of the actual reviews performed. This service has been found to be more effective in mitigating future secure coding errors by developers because they are trained on examples taken from their applications.
