The AppSA includes credentialed and/or non-credentialed vulnerability assessment and penetration testing of web-based, mobile, intranet, etc applications to validate security and protection against outside attackers, malware, lateral and vertical privilege escalation and account hijacking.
Testing covers injection (URL, SQL, LDAP, cookie etc.), authentication, session management, cross-site scripting, object/function access control, data exposure, misconfigurations, vulnerable components/frameworks/libraries, forged redirect/forwards, cookie security, hashing and more.
Notes: Testing assesses against OWASP Top 10 and beyond to ensure baseline coverage and more. For production systems, Illumant takes care not to run potentially destructive exploits.