Web Application Security Assessment

Web Application Security testing involves a series of steps aimed at gathering information about the target system, finding vulnerabilities or faults in them, researching for exploits that will succeed against those faults or vulnerabilities and compromise the application. These include but are not limited to the below categories

• Information Gathering
• Configuration and Deploy Management
• Identity Management
• Authentication & Authorization
• Session Management
• Data Validation
• Error Handling
• Cryptography
• Business Logic
• Client side/Server side

OWASP Top 10 Web Vulnerabilities

1. A01 Broken Access Control

2. A02 Cryptographic Failures

3. A03 Injection

4. A04 Insecure Design

5. A05 Security Misconfiguration

6. A06 Vulnerable and Outdated Components

7. A07 Identification and Authentication Failures

8. A08 Software and Data Integrity Failures

9. A09 Security Logging and Monitoring Failures

10. A10 Server-Side Request Forgery (SSRF)