Infosec Shield's web application penetration testing service leverages the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide. Together, they form a comprehensive framework for assessing the security of web-based applications and serve as the foundation for our web application assessment methodology. On top of OWASP Top 10 vulnerabilities, the pentesters also test the security of specific business logic associated with the web application, such as weaknesses in data validation or integrity checks. These are flaws that can only be discovered through manual testing, not automated vulnerability scanning.
API penetration testing is very similar to web application penetration testing, so Infosec Shield's API pentesting methodology is based on the same foundation: the OWASP Top 10, the OWASP ASVS, and the OWASP Testing Guide. Infosec Shield tests web-based APIs, REST APIs, and mobile APIs. Infosec Shield analyzes the target API to find out which authentication type is used, studies API structures, works to understand request methods, responses, and roles, and exploits bugs on a real production API or an API in a staging environment.
Mobile Application Pentest
Infosec Shield tests applications on all mobile platforms, including iOS, Android, and Windows. Infosec Shield’s pentesters go beyond looking at just common API and web vulnerabilities to examine the risk of a mobile application, leveraging the OWASP Mobile Top 10 and other methodologies to assess its security.
External Network Pentest
Infosec Shield can test external networks for any hosting service. Infosec Shield's pentesters will carry out the testing without detailed network or infrastructure diagrams and without any accounts or additional user information (unless required as part of the scope). We follow a standard methodology based on the Open Source Security Testing Methodology Manual (OSSTMM). The External Network test can be limited to a specific IP range or include broader reconnaissance using OSINT (open-source intelligence).
Code Assisted Pentest
Pentests are typically performed from a “black box” or “zero knowledge” perspective, meaning the pentesters have limited or no prior knowledge about the implementation details of the in-scope target application. With code-assisted, gray-box penetration testing, Infosec Shield’s pentesters have access to the source code of the application, which lets the team use the code alongside testing activities to gain a thorough understanding of the target application and enhance the accuracy of the discovered findings.
Additional Pentest Services
Can't find what you're looking for? Reach out to learn about a more customized pentest, from micro engagements to continuous testing. We offer services customized to your testing requirements.