What is Application Penetration Testing?

It is a course of action where a computer & network professional analyze an application to explore procurable and current vulnerableness on a network. This course of action is labor-intensive and requires indepth cognition and experience in a variety of different mechanisms and a range of exploits.

How is this varied from PCI Compliance?

For most retailers, who authorize as “L4″ merchants (less than 25,000 Visa transactions/year), PCI Compliance utilizes blasé and well-established automated tools to explore and report procurable vulnerabilities. However, there are restrictions to automated tests, and a web application penetration test is designed to more thoroughly evaluate an application than can be realized through automated tests.

Who is an Ethical Hacker?

An Ethical Hacker goes through pervasive training to become well versed in variety of techniques and tools to mimic how an effective vicious hacker may gain route to your system. The ethical hacker works for the site holder, instead of against them.

What do you test for?

We need to test for range of vulnerabilities. These include but are not confined to:

• Validation of input (Form, Data, Fields, URl, e-mail … etc)
• Buffer Overflow (Memory, Function calls, Stack flow, stack over run, system stack … etc)
• Cross Site Scripting (DOM-based, reflected vulnerability, second-order vulnerability … etc)
• URL Manipulation (Trial and error, Directory traversal … etc)
• SQL Injection (First order attack, second order attack, lateral injection … etc)
• Cookie Modification
• Bypassing Authentication (Direct page request, Parameter Modification, Session ID Prediction … etc)
• Code Execution (Shell code attacks, malicious attack … etc)