Identify the applications to be reviewed
The Securis360 team and the client shall identify the applications to be assessed
Automated scan and exploitation
Perform automated scans on the identified applications. Review the extent to which web pages and nodes are vulnerable to exploits that are realistic by performing:
Perform manual assessment of in-scope applications
Assess the applications based on the key focus areas of the OWASP methodology
Injection, Broken Authentication and Session Management, Cross Site Scripting (“XSS”), Insecure direct object references, Security misconfiguration, Sensitive data exposure, Missing function level access control, Cross Site Request Forgery (“CSRF”), Using components with known vulnerabilities, Unvalidated redirects and forwards, and testing of application business logic
Application Security Assessment Report with details about the observation, risk, severity, business impact and recommendation