Web applications have become a necessity of business in a digital world. They are used externally, to reach and assist customers through corporate websites, and internally for different business use cases, such as HR platforms. Protecting these assets is crucial to operating a modern and secure business. With the very real increase in data breaches impacting Australian organisations, business leaders are left worried and are asking the question, “Are we next?” Expert security advice for your organisation can bring peace of mind that the good guys are finding vulnerabilities before the bad ones. To prepare yourself for your next Web Application Penetration Test, detailed below is an overview of Alcorn Group’s testing methodology, as well as some of the most common risks found during testing.

Before testing begins, Alcorn Group’s consultants engage with stakeholders to gain a deeper understanding of the application and the business context in which it is used. You can expect questions such as:

These sorts of questions raised during the scoping phase allow consultants to focus their time on investigating vulnerabilities that relate to what matters to your business. Alcorn Group understands that companies often do not have the budget to spend on an exhaustive penetration test (although it is recommended for conclusive results). Our consultants will take the time to understand what is relevant to the business use case, and what you aim to achieve out of the testing.

After the scoping and kick-off phases, Alcorn Group gets to work investigating and analysing your application. Using a variety of tools and following our unique testing methodology, Alcorn Group’s consultants will test for the OWASP Top Ten Web Application Security Risks and ASVS (Application Security Verification Standard) vulnerabilities. Some of the more common risks we uncover are:

Once Alcorn Group has finished the testing phase of the engagement, findings are collected, and our expert technical writing team develops a clear and concise report. This report is tailored to a variety of audiences, both technical and non-technical, so that findings can be understood in a variety of contexts.

Testing your business’ web application is essential for gaining a deeper understanding of its security posture and empowering your organisation and its individuals to make decisions to improve that posture. Alcorn Group’s process of assessing vulnerabilities and presenting recommendations leaves businesses with greater control and foresight in their security. To ensure that a web application remains secure in an ever-evolving threat landscape, penetration testing should be treated as an ongoing process. This means that if you’ve not had a web application penetration test in over a year, it’s about time you have your applications looked at again.
