Web App

Web apps are essential to a company's success and are a popular target for hackers. Web Application Penetration / Security Testing (WAPT / WAST) is the practice of proactively spotting application flaws, such as those that can result in the loss of confidential customer data, business information or financial data. Misconfigured SaaS web apps and server-side security measures fall under this category.

In order to protect our clients' critical IT assets, Selkey Cyber Security Private Limited performs Web Application Security Testing (WAST) manually using a proprietary, well-researched methodology that may include, but is not limited to, OWASP Top 10, OSSTMM standards, SANS Top 25, etc. We place a lot of emphasis on business logic flaws that automated scanners miss. Our team promptly has internal meetings to talk about odd testing methods, which leads to the discovery of further vulnerabilities.

The Method We Use for Dynamic Analysis

In this technological age, when dynamic application analysis is widely employed, we make sure that our clients keep ahead of new risks. We modify and include current security standards such ASVS by OWASP, SANS top 25, MITRE | ATT & CK, NVD, OWASP top 10, NIST, and OSSTMM more into our process.

It takes extensive knowledge on how to use the most recent web application security testing tools in order to conduct efficient penetration testing for web applications. Ethical hackers use a variety of specialized tools to evaluate the security of web applications. These include networking tools like Wireshark, specialized pen testing platforms like burp suite, Metasploit Pro, and Kali Linux, as well as specially created tools and vulnerabilities written in Python, Java, and PowerShell.

There may be interaction between different web applications:


Reporting Standards

Common Vulnerabilities and Exposures (CVE) Compatible Common Weakness Enumeration (CWE) Compatible Common Vulnerability Scoring System (CVSSv3.1) OWASP Web Security Testing Guide (WSTG)

Test Cases for Business Logic Vulnerabilities

This group of flaws identifies some of the fundamental issues that frequently enable attackers to change the business logic of an application. Business logic mistakes can completely ruin a program. Since they often entail acceptable usage of the application's capabilities, they might be challenging to discover automatically. However, a lot of logical mistakes in business processes might show patterns that resemble well-known implementation and design flaws.

Business Logic Vulnerability Test Cases

CWE-840: Business Logic Errors: Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application’s functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.