What is Penetration Testing?
With robust and proven methodologies informed by the OWASP Top 10, Zoonou’s CREST-accredited penetration testing, also known as pen testing or pentesting, is designed to identify and safely exploit gaps or vulnerabilities in a website or web application.
This takes the form of a planned attack on the application that looks for cyber security weaknesses, in an attempt to gain access to confidential data, content and features.
OWASP Penetration Testing
Our penetration testing service provides coverage of the Open Web Application Security Project (OWASP) Top 10, an industry-recognised list of the most critical security risks and exploits found in web applications:
- A01: Broken Access Control
- A02: Cryptographic Failures
- A03: Injection
- A04: Insecure Design
- A05: Security Misconfiguration
- A06: Vulnerable and Outdated Components
- A07: Identification and Authentication Failures
- A08: Software and Data Integrity Failures
- A09: Security Logging and Monitoring Failures
- A10: Server-Side Request Forgery (SSRF)
Our Methodology
Zoonou’s pen testing and vulnerability scanning methodology is CREST-certified and aligned to industry standards and practices. An engagement with Zoonou will include:
- Scoping – we work with your team to get an understanding of the web application and define the boundaries & expectations of testing.
- Test planning & setup – our team performs end-to-end journeys through the web application to audit the test surface and guide the test approach.
- Test execution – manual and automated test cases are launched to identify any potential vulnerabilities and to test the security controls that are in place.
- Reporting & debrief – once test execution is complete, we publish a report detailing a summary of the project, as well as any issues found.
- Vulnerability scanning – this includes launching a cloud-based vulnerability scan at the target web application to look for any potential vulnerabilities. Scans can be monthly or quarterly in frequency, or set in line with your sprint schedule.