Website Application Security Testing

Website Application Security Testing


► Identify the applications to be review

  • Securis360 team and client shall identify applications to be assessed

► Automated scan and exploitation

  • Perform automated scans on the identified applications.
  • Review the extent to which web pages and nodes are vulnerable to exploits that are realistic by performing:

Manual testing

  • Perform manual assessment of in-scope applications.
  • Assess the applications basis on the key areas to focus as per OWASP methodology:
    • Injection
    • Broken Authentication and Session Management
    • Cross Site Scripting (“XSS”)
    • Insecure direct object references
    • Security misconfiguration
    • Sensitive data exposure
    • Missing function level access control
    • Cross Site Request Forgery (“CSRF”)
    • Using components with known vulnerabilities
    • Invalidated redirects and forwards and
    • Testing application business logic.


Application Security Assessment Report with details about the observation, risk, severity, business impact and recommendation.